Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name

From: James Morris <jmorris_at_nospam>
Date: Fri Feb 29 2008 - 02:15:16 GMT
To: Casey Schaufler <casey@schaufler-ca.com>

On Thu, 28 Feb 2008, Casey Schaufler wrote:

> Easier may be pragmatic, but that does not make it right.
> I suggest, that in my opinion (there, is that sufficiently
> non-confrontational?) that Linux and the LSM are much better
> served by a general xattr protocol than by adding a single
> reccommended attribute.

An xattr protocol is overkill for conveying a MAC label over the network, and would still not provide the required semantics.

Please see prior discussion on this e.g.

http://marc.info/?l=linux-kernel&m=120424789929258&w=2

Note that RAs are already used to convey ACLs and all other system-managed metatdata. i.e. an extensible, appropriate infrastructure already exists in the NFSv4 protocol, and has been used successfully for similar purposes. We do not need to add a new, generalized protocol to NFSv4 for this, especially one which does not meet the requirements.

James -- James Morris <jmorris@namei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

This message: [ Message body ]
Next message: Casey Schaufler: "Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name"
Previous message: Dave Quigley: "Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name"
In reply to: Casey Schaufler: "Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name"
Next in thread: Casey Schaufler: "Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]