Ok, so you still favor using a distinct attribute name for SELinux
attributes. Andreas Gruenbacher had suggested during the earlier thread
that we use something like the xattr_trusted.c attribute handler, so
that a single xattr handler would cover all security modules but each
security module could have its own attribute name (security.selinux,
security.dte, security.capabilities, etc). As I explained during that
thread, I don't think we want to use the trusted attribute handler
itself due to its permission checking model, but it would be easy to
make the xattr_security.c handler more like xattr_trusted.c in terms of
allowing arbitrary extensions of a "security." prefix. Is that more to
your liking, or do you truly want a separate handler for each security
module? I see the latter as undesirable as it requires each security
module to separately reserve a name and an index in each filesystem.
-- Stephen Smalley <sds@epoch.ncsc.mil> National Security Agency- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/