[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4A8C3AB2.6080503@schaufler-ca.com>
Date: Wed, 19 Aug 2009 10:47:30 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: Stephen Smalley <sds@...ho.nsa.gov>
CC: "Eric W. Biederman" <ebiederm@...ssion.com>,
"David P. Quigley" <dpquigl@...ho.nsa.gov>, jmorris@...ei.org,
gregkh@...e.de, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
SE Linux <selinux@...ho.nsa.gov>,
Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH] Security/sysfs: v2 - Enable security xattrs to be set
on sysfs files, directories, and symlinks.
Stephen Smalley wrote:
> ...
>> So how often is the SELinux label going to get explicitly set in /sys ?
>> I'm grappling with the value of going hog-wild in optimizing this. If
>> it is something that's quite rare I can see the concern with expanding
>> the d_entry. If it is common, the storage associated with storing the
>> xattr could be an issue. If it is uncommon but not rare there's another
>> story again.
>>
>> I'm looking at addressing the issues. Thank you.
>>
>
> I'd expect most sysfs nodes to be left in the default label, although we
> don't really know as this would be the first time that people have the
> option of finer-grained control to sysfs.
This would be consistent with the Unix MLS experience. Most system
files, including things like sysfs, either stick with their original
labels. On the occasion where they get changed the reason is both
important and focused. I had an update almost ready, but I need some
changes to accommodate the assumption that setting an attribute
is rare.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists