[NT ACLS] Using the security.* namespace for NTACL considered improper

Andrew Bartlett abartlet at samba.org
Tue Jan 19 13:14:18 MST 2010

On Tue, 2010-01-19 at 14:34 -0500, simo wrote:
> Tridge, Jeremy,
> I was following discussions on #samba-technical today and it came up
> that we have started using security.NTACL as the namespace where to
> store NT ACLs.
> Talking with Christoph Hellwig he said that security.* should *not* be
> used as it is reserved for LSM modules (like SeLinux).
> Looking at man 5 attr this is briefly hinted indeed, and after further
> discussion it became clear that we should used the trusted.* namespace
> instead as this is what the man page says about it:
>         Trusted  extended  attributes  are  visible and accessible only
>         to processes that have the CAP_SYS_ADMIN capability (the super
>         user  usually has  this  capability).  Attributes in this class
>         are used to implement mechanisms in user space (i.e., outside
>         the kernel) which keep information in extended attributes to
>         which ordinary processes should not have access.
> I think we should comply, and start moving NTACL to from security.NTACL
> to trusted.NTACL as soon as possible, before it get widely used.
> What do you think ?

I don't think we should change - the hope is that at some point that
kernels (maybe not the vanilla linux kernel) will read this attribute
and interpret it like NFSv4 ACLs (I presume) and POSIX ACLs that are

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100120/f82e9dda/attachment.pgp>

More information about the samba-technical mailing list