Re: [PATCH][RFC] 2.5.42 (1/2): Filesystem capabilities kernel patch

Andreas Gruenbacher (agruen@suse.de)
Tue, 22 Oct 2002 00:03:32 +0200


Hi,

I believe that Capabilities on the file system are a useful thing. They
obviously also are quite controversial. If deployed without the right tools
they may certainly lead to less secure systems. So these supporting tools
need to be developed first, and some real-world experience seems necessary to
learn more.

Whatever the result of this process will be, should we decide to have
filesystem capabilities we would need to associate some pieces of information
with individual inodes, and this is exactly what Extended Attributes were
designed for. There are implementations for ext2, ext3, jfs, xfs, reiserfs,
so I think it makes no sense to reinvent the wheel. (Xattrs (or EAs) were
actually not invented for Linux; Irix and other OSes support almost identical
schemes.)

Do you happen to know the attr(5) manual page? An online version is available
at <http://acl.bestbits.at/cgi-man/attr.5>; perhaps that helps.

--Andreas.

On Monday 21 October 2002 17:25, Olaf Dietsche wrote:
> Andreas Gruenbacher <agruen@suse.de> writes:
> > Capabilities should be implemented as extended attributes;
>
> Why "should" this be implemented as extended attributes? What are the
> benefits in doing so?
>
> > see Ted's recent postings.
>
> Ted's recent postings argue against capabilities at all. So what do
> you mean?
>
> Regards, Olaf.
