linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andreas Dilger <adilger@clusterfs.com>
To: Christoph Hellwig <hch@infradead.org>,
	Stephen Smalley <sds@epoch.ncsc.mil>,
	Linus Torvalds <torvalds@transmeta.com>,
	"Ted Ts'o" <tytso@mit.edu>,
	Andreas Gruenbacher <a.gruenbacher@computer.org>,
	Stephen Tweedie <sct@redhat.com>,
	lkml <linux-kernel@vger.kernel.org>,
	lsm <linux-security-module@wirex.com>
Subject: Re: [PATCH] Extended Attributes for Security Modules against 2.5.68
Date: Wed, 23 Apr 2003 12:54:52 -0600	[thread overview]
Message-ID: <20030423125452.I26054@schatzie.adilger.int> (raw)
In-Reply-To: <20030423112548.B15094@figure1.int.wirex.com>; from chris@wirex.com on Wed, Apr 23, 2003 at 11:25:49AM -0700

On Apr 23, 2003  11:25 -0700, Chris Wright wrote:
> * Christoph Hellwig (hch@infradead.org) wrote:
> > The other question is why do you name them system.security?  The name
> > sounds a bit too generic to me.  ACLs are certainly a security feature
> > and have different ATTRS, similar for the Posix capability and MAC
> > support in XFS.  As selinux is the flask implementation for Linux
> > what about system.flask_label?  (or system.selinux_label?)
> 
> It's really a namespace issue for user apps trying to deal with xattrs.
> Being able to display the xattrs associated with a file in sane way,
> like getxattr(path, "system.security", ...).  Otherwise something like
> listxattr() then gettxttr(... "system.security.[blah]" ...).  Total
> freeform naming is a headache for userspace to deal with.  Esp. since we
> don't want to teach all userland tools about each individual module/policy.

Well, with the exception of backup/restore (which will just treat this
EA data as opaque and doesn't really care whether the names are fixed
or not), the tools DO need to understand each individual module
or policy in order to make any sense of the data.  Otherwise, all you
can do is print out some binary blob which is no use to anyone.

So, either the tools look for "system.security", and then have to
understand an internal magic for each module to know what to do with
the data, or it looks for "system.<modulename>" for only module names
that it actually understands.

The only reason to use a common "system.security" is if the actual data
stored therein was usable by more than a single security module.

Cheers, Andreas
--
Andreas Dilger
http://sourceforge.net/projects/ext2resize/
http://www-mddsp.enel.ucalgary.ca/People/adilger/


  parent reply	other threads:[~2003-04-23 18:45 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-04-23 17:52 [PATCH] Extended Attributes for Security Modules against 2.5.68 Stephen Smalley
2003-04-23 18:17 ` Christoph Hellwig
2003-04-23 18:25   ` Chris Wright
2003-04-23 18:45     ` Christoph Hellwig
2003-04-23 19:17       ` Stephen Smalley
2003-04-23 19:26         ` Christoph Hellwig
2003-04-23 19:52           ` Stephen Smalley
2003-04-23 20:20             ` Christoph Hellwig
2003-04-24 12:55               ` Stephen Smalley
2003-04-24 13:03                 ` Christoph Hellwig
2003-04-24 13:49                   ` Stephen Smalley
2003-04-24 18:36                     ` Chris Wright
2003-04-24 19:02                       ` Stephen Smalley
2003-04-24 19:40                         ` Andreas Dilger
2003-04-24 20:04                           ` Stephen Smalley
2003-04-24 20:47                           ` Chris Wright
2003-04-24 19:47                         ` Chris Wright
2003-04-24 20:07                           ` Stephen Smalley
2003-04-23 20:07           ` richard offer
2003-04-23 18:54     ` Andreas Dilger [this message]
2003-04-23 19:14       ` Stephen Smalley
2003-04-23 19:15       ` Chris Wright
2003-04-23 19:28         ` Valdis.Kletnieks
2003-04-23 19:40           ` Chris Wright
2003-04-23 19:49             ` Valdis.Kletnieks
2003-04-23 18:35   ` Stephen Smalley
2003-04-23 18:42     ` Christoph Hellwig
2003-04-23 18:59       ` Stephen Smalley
2003-04-23 19:09         ` Christoph Hellwig
2003-04-24  5:02       ` Jakob Oestergaard
2003-04-28 15:59       ` Stephen C. Tweedie

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20030423125452.I26054@schatzie.adilger.int \
    --to=adilger@clusterfs.com \
    --cc=a.gruenbacher@computer.org \
    --cc=hch@infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@wirex.com \
    --cc=sct@redhat.com \
    --cc=sds@epoch.ncsc.mil \
    --cc=torvalds@transmeta.com \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).