| Main Archive Page > Month Archives > linux-kernel archives |
Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name
From: Casey Schaufler <casey_at_nospam>Date: Fri Feb 29 2008 - 01:55:46 GMT
To: Trond Myklebust <trond.myklebust@fys.uio.no>, Christoph Hellwig <hch@infradead.org>
- Trond Myklebust <trond.myklebust@fys.uio.no> wrote:
>
> On Thu, 2008-02-28 at 19:51 -0500, Christoph Hellwig wrote:
> > On Thu, Feb 28, 2008 at 04:50:06PM -0800, Trond Myklebust wrote:
> > > As I've told you several times before: we're _NOT_ putting private
> > > ioctl^Hxattrs onto the wire. If the protocol can't be described in an
> > > RFC, then it isn't going in no matter what expletive you choose to
> > > use...
> >
> > It's as unstructured as the named attributes already in. Or file data
> > for that matter.
>
> Describing what is supposed to be a security mechanism in a structured
> fashion for use in a protocol should hardly be an impossible task (and
> AFAICS, Dave & co are making good progress in doing so). If it is, then
> that casts serious doubt on the validity of the security model...
Now this is were I always get confused. I sounds like you're saying that a name/value pair is insufficiently structured for use in a protocol specification.
> There should be no need for ioctls.
Sorry, but as far as I'm concerned you just threw a bunny under the train for no apparent reason. What have ioctls got to do with anything?
Casey Schaufler
casey@schaufler-ca.com
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html