[NT ACLS] Using the security.* namespace for NTACL considered improper
idra at samba.org
Tue Jan 19 12:34:47 MST 2010
I was following discussions on #samba-technical today and it came up
that we have started using security.NTACL as the namespace where to
store NT ACLs.
Talking with Christoph Hellwig he said that security.* should *not* be
used as it is reserved for LSM modules (like SeLinux).
Looking at man 5 attr this is briefly hinted indeed, and after further
discussion it became clear that we should used the trusted.* namespace
instead as this is what the man page says about it:
Trusted extended attributes are visible and accessible only
to processes that have the CAP_SYS_ADMIN capability (the super
user usually has this capability). Attributes in this class
are used to implement mechanisms in user space (i.e., outside
the kernel) which keep information in extended attributes to
which ordinary processes should not have access.
I think we should comply, and start moving NTACL to from security.NTACL
to trusted.NTACL as soon as possible, before it get widely used.
What do you think ?
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical