From mboxrd@z Thu Jan  1 00:00:00 1970
From: Chris Wright <chrisw@osdl.org>
Subject: Re: [RFC][PATCH] Generic fallback for security xattrs
Date: Fri, 19 Aug 2005 13:45:09 -0700
Message-ID: <20050819204509.GM7762@shell0.pdx.osdl.net>
References: <1124474276.32663.134.camel@moss-spartans.epoch.ncsc.mil> <20050819180244.GA5727@infradead.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
	linuxfs <linux-fsdevel@vger.kernel.org>,
	Andreas Gruenbacher <agruen@suse.de>,
	Darrel Goeddel <dgoeddel@trustedcs.com>,
	James Morris <jmorris@namei.org>,
	Chris Wright <chrisw@osdl.org>,
	Alexander Viro <viro@parcelfarce.linux.theplanet.co.uk>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from smtp.osdl.org ([65.172.181.4]:39140 "EHLO smtp.osdl.org")
	by vger.kernel.org with ESMTP id S932246AbVHSUpi (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Fri, 19 Aug 2005 16:45:38 -0400
To: Christoph Hellwig <hch@infradead.org>
Content-Disposition: inline
In-Reply-To: <20050819180244.GA5727@infradead.org>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

* Christoph Hellwig (hch@infradead.org) wrote:
> On Fri, Aug 19, 2005 at 01:57:56PM -0400, Stephen Smalley wrote:
> > Note that this
> > approach may be controversial [1]; it has been suggested that we
> > should instead be modifying all filesystem types to support security
> > (and other) xattrs natively, but this seems questionable for legacy
> > filesystems like vfat and pseudo filesystems like proc, especially
> > when the resulting code will end up simply calling the security
> > framework to access the incore security label as with the current
> > devpts and tmpfs handlers.

Agreed, I think the counter points that were made were not reasonable.

> > The patch restructures the code flow slightly to reduce duplication
> > between the normal path and the fallback path, but this should only have
> > one user-visible side effect - a program may get -EACCES rather than
> > -EOPNOTSUPP if policy denied access but the filesystem didn't support
> > the operation anyway.  Note that the post_setxattr hook call is not
> > needed in the fallback case, as the inode_setsecurity hook call handles
> > the incore inode security state update directly.  In contrast, we do
> > call fsnotify in both cases.
> > 
> > Let me know what you think.  Please do NOT apply yet.
> 
> Very nice, and gets rid of lots of crap.  Now that we started parsing
> the attribute name in generic code we should deprecate the old
> ->{get,set,list,remove}xattr inode operations and make the helpers
> James added a while ago mandatory for the future.

I agree it's a nice cleanup.  The only thing I didn't care for was parsing
name in generic code (since it was special cased as the only name), but
you make a great point.  There are toplevel generic names which each fs
has to parse anyway.