[NT ACLS] Using the security.* namespace for NTACL considered improper

simo idra at samba.org
Tue Jan 19 12:34:47 MST 2010

Tridge, Jeremy,
I was following discussions on #samba-technical today and it came up
that we have started using security.NTACL as the namespace where to
store NT ACLs.

Talking with Christoph Hellwig he said that security.* should *not* be
used as it is reserved for LSM modules (like SeLinux).

Looking at man 5 attr this is briefly hinted indeed, and after further
discussion it became clear that we should used the trusted.* namespace
instead as this is what the man page says about it:

        Trusted  extended  attributes  are  visible and accessible only
        to processes that have the CAP_SYS_ADMIN capability (the super
        user  usually has  this  capability).  Attributes in this class
        are used to implement mechanisms in user space (i.e., outside
        the kernel) which keep information in extended attributes to
        which ordinary processes should not have access.

I think we should comply, and start moving NTACL to from security.NTACL
to trusted.NTACL as soon as possible, before it get widely used.

What do you think ?


Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>

More information about the samba-technical mailing list