From: Chris Wright <chrisw@osdl.org>
To: Christoph Hellwig <hch@infradead.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
linuxfs <linux-fsdevel@vger.kernel.org>,
Andreas Gruenbacher <agruen@suse.de>,
Darrel Goeddel <dgoeddel@trustedcs.com>,
James Morris <jmorris@namei.org>, Chris Wright <chrisw@osdl.org>,
Alexander Viro <viro@parcelfarce.linux.theplanet.co.uk>
Subject: Re: [RFC][PATCH] Generic fallback for security xattrs
Date: Fri, 19 Aug 2005 13:45:09 -0700 [thread overview]
Message-ID: <20050819204509.GM7762@shell0.pdx.osdl.net> (raw)
In-Reply-To: <20050819180244.GA5727@infradead.org>
* Christoph Hellwig (hch@infradead.org) wrote:
> On Fri, Aug 19, 2005 at 01:57:56PM -0400, Stephen Smalley wrote:
> > Note that this
> > approach may be controversial [1]; it has been suggested that we
> > should instead be modifying all filesystem types to support security
> > (and other) xattrs natively, but this seems questionable for legacy
> > filesystems like vfat and pseudo filesystems like proc, especially
> > when the resulting code will end up simply calling the security
> > framework to access the incore security label as with the current
> > devpts and tmpfs handlers.
Agreed, I think the counter points that were made were not reasonable.
> > The patch restructures the code flow slightly to reduce duplication
> > between the normal path and the fallback path, but this should only have
> > one user-visible side effect - a program may get -EACCES rather than
> > -EOPNOTSUPP if policy denied access but the filesystem didn't support
> > the operation anyway. Note that the post_setxattr hook call is not
> > needed in the fallback case, as the inode_setsecurity hook call handles
> > the incore inode security state update directly. In contrast, we do
> > call fsnotify in both cases.
> >
> > Let me know what you think. Please do NOT apply yet.
>
> Very nice, and gets rid of lots of crap. Now that we started parsing
> the attribute name in generic code we should deprecate the old
> ->{get,set,list,remove}xattr inode operations and make the helpers
> James added a while ago mandatory for the future.
I agree it's a nice cleanup. The only thing I didn't care for was parsing
name in generic code (since it was special cased as the only name), but
you make a great point. There are toplevel generic names which each fs
has to parse anyway.
prev parent reply other threads:[~2005-08-19 20:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-19 17:57 [RFC][PATCH] Generic fallback for security xattrs Stephen Smalley
2005-08-19 18:02 ` Christoph Hellwig
2005-08-19 20:41 ` Jeff Mahoney
2005-08-19 20:45 ` Chris Wright [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050819204509.GM7762@shell0.pdx.osdl.net \
--to=chrisw@osdl.org \
--cc=agruen@suse.de \
--cc=dgoeddel@trustedcs.com \
--cc=hch@infradead.org \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).