From: Chris Mason <mason@suse.com>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Russell Coker <russell@coker.com.au>, reiserfs-list@namesys.com
Subject: Re: xattr
Date: 19 Jun 2003 11:21:24 -0400 [thread overview]
Message-ID: <1056036084.6758.114.camel@tiny.suse.com> (raw)
In-Reply-To: <1056035446.1071.143.camel@moss-huskers.epoch.ncsc.mil>
On Thu, 2003-06-19 at 11:10, Stephen Smalley wrote:
> > Creating a file by creating the xattr sounds like a bad idea as you can't
> > control the Unix permissions of the file. This isn't much of a big deal with
> > SE Linux as the security type determines who can access the file. But for
> > other uses it may be a serious problem.
> >
> > I agree that we need a new syscall and other people had the same idea before
> > either of us.
> >
> > Maybe ReiserFS could be used as the first implementation of this proposed new
> > syscall...
>
> No, this doesn't have to be done in the same transaction, even under the
> old SELinux API. The setting of the file security label is performed by
> the security_inode_post_create/mkdir/... hook call in fs/namei.c, which
> is done while the parent directory semaphore is still held. In the old
> API, the desired file security label was specified via
> open_secure/mkdir_secure/etc system calls and saved in the per-task
> security field for use by the security_inode_post_create/mkdir/...
> hook. In the new API, the desired file security label is specified by
> writing it to /proc/pid/attr/fscreate and then performing an ordinary
> open()/mkdir()/etc call. It is an attribute of the task that is applied
> to subsequent file creations, similar to the umask.
>
Ok, so in the new api, the xattr information is available at the time of
the create. reiserfs would be able to include it all into the same
transaction but doesn't do it right now.
> I seem to be missing a little context; last I looked, reiser in mainline
> kernels still didn't provide xattr support. Will this be changing soon?
First we need to get the data logging code in (which Hans has agreed
to), getting the xattr code in depends on Hans, Jeff Mahoney will be
maintaining as an external patch otherwise.
-chris
next prev parent reply other threads:[~2003-06-19 15:21 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-16 12:26 xattr Russell Coker
2003-06-17 11:04 ` xattr Hans Reiser
2003-06-19 13:52 ` xattr Chris Mason
2003-06-19 14:46 ` xattr Russell Coker
2003-06-19 14:55 ` xattr Chris Mason
2003-06-19 15:12 ` xattr Russell Coker
2003-06-19 15:10 ` xattr Stephen Smalley
2003-06-19 15:21 ` Chris Mason [this message]
2003-06-19 17:25 ` xattr Stephen Smalley
2003-06-19 18:06 ` xattr Chris Mason
2003-06-19 18:52 ` xattr Stephen Smalley
2003-06-19 18:55 ` how to fix the file system which has a dangling file? bmoon
2003-06-23 7:56 ` xattr Hans Reiser
[not found] <200312021433.48383.russell@coker.com.au>
2003-12-02 14:45 ` xattr James Carter
2003-12-02 14:45 ` xattr James Carter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1056036084.6758.114.camel@tiny.suse.com \
--to=mason@suse.com \
--cc=reiserfs-list@namesys.com \
--cc=russell@coker.com.au \
--cc=sds@epoch.ncsc.mil \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.