From mboxrd@z Thu Jan 1 00:00:00 1970 From: Casey Schaufler Subject: Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name Date: Thu, 28 Feb 2008 17:55:46 -0800 (PST) Message-ID: <710000.44550.qm@web36605.mail.mud.yahoo.com> References: <1204246805.7363.23.camel@heimdal.trondhjem.org> Reply-To: casey@schaufler-ca.com Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Cc: Dave Quigley , Stephen Smalley , casey@schaufler-ca.com, viro@ftp.linux.org.uk, bfields@fieldses.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, LSM List To: Trond Myklebust , Christoph Hellwig Return-path: In-Reply-To: <1204246805.7363.23.camel@heimdal.trondhjem.org> Sender: linux-security-module-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org --- Trond Myklebust wrote: > > On Thu, 2008-02-28 at 19:51 -0500, Christoph Hellwig wrote: > > On Thu, Feb 28, 2008 at 04:50:06PM -0800, Trond Myklebust wrote: > > > As I've told you several times before: we're _NOT_ putting private > > > ioctl^Hxattrs onto the wire. If the protocol can't be described in an > > > RFC, then it isn't going in no matter what expletive you choose to > > > use... > > > > It's as unstructured as the named attributes already in. Or file data > > for that matter. > > Describing what is supposed to be a security mechanism in a structured > fashion for use in a protocol should hardly be an impossible task (and > AFAICS, Dave & co are making good progress in doing so). If it is, then > that casts serious doubt on the validity of the security model... Now this is were I always get confused. I sounds like you're saying that a name/value pair is insufficiently structured for use in a protocol specification. > There should be no need for ioctls. Sorry, but as far as I'm concerned you just threw a bunny under the train for no apparent reason. What have ioctls got to do with anything? Casey Schaufler casey@schaufler-ca.com