[NT ACLS] Using the security.* namespace for NTACL considered improper
Jeremy Allison
jra at samba.org
Wed Jan 20 01:31:01 MST 2010
On Wed, Jan 20, 2010 at 09:19:28AM +0100, Stefan (metze) Metzmacher wrote:
> simo wrote:
> > Tridge, Jeremy,
> > I was following discussions on #samba-technical today and it came up
> > that we have started using security.NTACL as the namespace where to
> > store NT ACLs.
> >
> > Talking with Christoph Hellwig he said that security.* should *not* be
> > used as it is reserved for LSM modules (like SELinux).
> >
> > Looking at man 5 attr this is briefly hinted indeed, and after further
> > discussion it became clear that we should use the trusted.* namespace
> > instead as this is what the man page says about it:
> >
> > Trusted extended attributes are visible and accessible only
> > to processes that have the CAP_SYS_ADMIN capability (the super
> > user usually has this capability). Attributes in this class
> > are used to implement mechanisms in user space (i.e., outside
> > the kernel) which keep information in extended attributes to
> > which ordinary processes should not have access.
> >
> >
> > I think we should comply, and start moving NTACL from security.NTACL
> > to trusted.NTACL as soon as possible, before it gets widely used.
> >
> > What do you think?
>
> With trusted.* we need a become_root() each time we want to read the
> security descriptor.

We have to do that with security.* also - in fact we
already do :-).

Jeremy.
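
The move from security.NTACL to trusted.NTACL proposed in the quoted message could be done per file as sketched below. This is an added example, not Samba's code and not written by anyone in this thread. The function name `migrate_ntacl` and its status strings are hypothetical, the stored value is assumed to be copied byte-for-byte without interpretation, and the caller is assumed to hold CAP_SYS_ADMIN.

```python
import errno
import os

SRC = "security.NTACL"   # name the thread says is in use
DST = "trusted.NTACL"    # name proposed in the thread; CAP_SYS_ADMIN only
XATTR_CREATE = getattr(os, "XATTR_CREATE", 1)  # Linux value is 1


def migrate_ntacl(path, xa=os, src=SRC, dst=DST):
    """Move one file's NT ACL blob from src to dst and return a status string.

    xa is any object with os-style getxattr/setxattr/removexattr (default: os),
    which lets the logic be exercised without root (assumption of this example).
    """
    try:
        blob = xa.getxattr(path, src, follow_symlinks=False)
    except OSError as e:
        if e.errno == errno.ENODATA:
            return "no-source"        # nothing stored under the old name
        if e.errno in (errno.EPERM, errno.EACCES):
            return "denied"
        raise
    try:
        # XATTR_CREATE fails with EEXIST instead of overwriting an existing ACL.
        xa.setxattr(path, dst, blob, XATTR_CREATE, follow_symlinks=False)
    except OSError as e:
        if e.errno == errno.EEXIST:
            if xa.getxattr(path, dst, follow_symlinks=False) != blob:
                return "conflict"     # both names exist and differ: keep both
        elif e.errno in (errno.EPERM, errno.EACCES):
            return "denied"           # caller lacks CAP_SYS_ADMIN
        else:
            raise
    # Read back before deleting the only other copy of the descriptor.
    if xa.getxattr(path, dst, follow_symlinks=False) != blob:
        return "verify-failed"
    xa.removexattr(path, src, follow_symlinks=False)
    return "migrated"


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, migrate_ntacl(p))
```

A "conflict" result leaves both attributes in place so the two descriptors can be compared by hand before either is removed.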