[RFC]Introduce generalized hooks for getting and setting inode secctx v3
James Morris
jmorris at namei.org
Wed Mar 19 11:24:53 EDT 2008
On Wed, 19 Mar 2008, Casey Schaufler wrote:
> Oh, cut the crap. What part of my explainations don't you understand?
>
> I understand the functionality. That is not my point. My point is
> that inode_notifysecctx() explicitly prohibits the LSM from providing
> integrity of the security attributes by introducing a differentiation
> between the "in-core" and "on-disk" values, and making it explicit
> that the one is set, but not the other.
>
> Clearly this is the direction you intend to go. Have fun with it.
> I've raised the issue, y'all aren't seeing it. Maybe I'm wrong,
> it has happened before.
Please stop trolling.
- James
--
James Morris
<jmorris at namei.org>
More information about the NFSv4
mailing list