I don't mind splitting them into a separate patch (and offered to do so
in the earlier posting against 2.5.67), but I don't agree that they are
a different issue. The changes to the LSM xattr-related hooks are part
of supporting the use of extended attributes by security modules for
file security labels; the changes permit the security module to update
the inode security structure upon successful setxattr calls, and to
provide atomicity for the check and update of the security label.
> The other question is why do you name them system.security? The name
> sounds a bit too generic to me. ACLs are certainly a security feature
> and have different ATTRS, similar for the Posix capability and MAC
> support in XFS. As selinux is the flask implementation for Linux
> what about system.flask_label? (or system.selinux_label?)
The idea of using separate attribute names for each security module was
already discussed at length when I posted the original RFC, and I've
already made the case that this is not desirable. Please see the
earlier discussion.
-- Stephen Smalley <sds@epoch.ncsc.mil> National Security Agency- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/