Re: [RFC][PATCH] Extended Attributes for Security Modules

Chris Wright (chris@wirex.com)
Thu, 17 Apr 2003 18:07:45 -0700


* richard offer (offer@sgi.com) wrote:
> * frm chris@wirex.com "04/17/03 13:30:59 -0700" | sed '1,$s/^/* /'
> *
> * This is the core issue. Personally, I'd rather stick to simple strings
> * and per-module attributes rooted at a common point. This is simplest
> * for userspace tools. But the attribute namespace is effectively flat,
> * so it's a question of simplicity for locating the attributes. A simple
> * getxattr(2) vs. a listxattr(2) plus multiple getxattr(2). Unfortunately,
> * this points at a single standard name I think...
>
> Good point. Okay you've conviced me enough that while I don't agree more
> than 51%, I'm at least going to shut up until the next time.

Heh, it's a valid question. I like per-module attributes, but I don't
think they are as nice for userland tools. I don't acutally like
encoding namesapce into the attribute value, but I'm not sure the
alternative is much different/better.

> Would it make sense to have a single "backup/restore security label" tool
> that is distributed alongside LSM rather than relying on each module writer
> developing their own.

You mean to ensure that labels are accumulated rather than replaced?
Could be useful I suppose.

thanks,
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/