From: Christoph Hellwig <hch@infradead.org>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: linuxfs <linux-fsdevel@vger.kernel.org>,
Andreas Gruenbacher <agruen@suse.de>,
Darrel Goeddel <dgoeddel@trustedcs.com>,
James Morris <jmorris@namei.org>, Chris Wright <chrisw@osdl.org>,
Alexander Viro <viro@parcelfarce.linux.theplanet.co.uk>,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [RFC][PATCH] Generic fallback for security xattrs
Date: Fri, 19 Aug 2005 19:02:44 +0100 [thread overview]
Message-ID: <20050819180244.GA5727@infradead.org> (raw)
In-Reply-To: <1124474276.32663.134.camel@moss-spartans.epoch.ncsc.mil>
On Fri, Aug 19, 2005 at 01:57:56PM -0400, Stephen Smalley wrote:
> This is a request for comments (only) on the patch below that modifies
> the VFS setxattr, getxattr, and listxattr code to fall back to the
> security module for security xattrs if the filesystem does not support
> xattrs natively. This allows security modules to export the incore
> inode security label information to userspace even if the filesystem
> does not provide xattr storage, and eliminates the need to
> individually patch various pseudo filesystem types to provide such
> access (note that this patch removes the existing xattr code from
> devpts and tmpfs as it is then no longer needed). Note that this
> approach may be controversial [1]; it has been suggested that we
> should instead be modifying all filesystem types to support security
> (and other) xattrs natively, but this seems questionable for legacy
> filesystems like vfat and pseudo filesystems like proc, especially
> when the resulting code will end up simply calling the security
> framework to access the incore security label as with the current
> devpts and tmpfs handlers.
>
> The patch restructures the code flow slightly to reduce duplication
> between the normal path and the fallback path, but this should only have
> one user-visible side effect - a program may get -EACCES rather than
> -EOPNOTSUPP if policy denied access but the filesystem didn't support
> the operation anyway. Note that the post_setxattr hook call is not
> needed in the fallback case, as the inode_setsecurity hook call handles
> the incore inode security state update directly. In contrast, we do
> call fsnotify in both cases.
>
> Let me know what you think. Please do NOT apply yet.
Very nice, and gets rid of lots of crap. Now that we started parsing
the attribute name in generic code we should deprecate the old
->{get,set,list,remove}xattr inode operations and make the helpers
James added a while ago mandatory for the future.
next prev parent reply other threads:[~2005-08-19 18:02 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-19 17:57 [RFC][PATCH] Generic fallback for security xattrs Stephen Smalley
2005-08-19 18:02 ` Christoph Hellwig [this message]
2005-08-19 20:41 ` Jeff Mahoney
2005-08-19 20:45 ` Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050819180244.GA5727@infradead.org \
--to=hch@infradead.org \
--cc=agruen@suse.de \
--cc=chrisw@osdl.org \
--cc=dgoeddel@trustedcs.com \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).