[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[Linux-cachefs] Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
- From: James Morris <jmorris namei org>
- To: Casey Schaufler <casey schaufler-ca com>
- Cc: akpm osdl org, linux-kernel vger kernel org, nfsv4 linux-nfs org, trond myklebust fys uio no, torvalds osdl org, linux-cachefs redhat com, linux-fsdevel vger kernel org
- Subject: [Linux-cachefs] Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
- Date: Thu, 9 Aug 2007 11:50:57 -0700 (PDT)
On Thu, 9 Aug 2007, Casey Schaufler wrote:
> This is SELinux specific functionality. It should not be an LSM
> interface.
As long as the security labels are themselves not being exported to the
kernel to be used e.g. for display or transport, then I agree, and we
should avoid passing them around outside the LSM entirely if possible.
Usually, they're attached to a significant kernel object, which you
typically pass around as part of the interface anyway.
David, I've looked at the code and can't see that you need to access the
label itself outside the LSM. Could you instead simply pass the inode
pointer around?
(I know it's not always possible, but much preferred).
- James
--
James Morris
<jmorris namei org>
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]