[NT ACLS] Using the security.* namespace for NTACL considered improper
Stefan (metze) Metzmacher
metze at samba.org
Wed Jan 20 01:19:28 MST 2010
simo wrote:
> Tridge, Jeremy,
> I was following discussions on #samba-technical today and it came up
> that we have started using security.NTACL as the namespace where to
> store NT ACLs.
>
> Talking with Christoph Hellwig he said that security.* should *not* be
> used as it is reserved for LSM modules (like SELinux).
>
> Looking at man 5 attr this is briefly hinted indeed, and after further
> discussion it became clear that we should use the trusted.* namespace
> instead as this is what the man page says about it:
>
> Trusted extended attributes are visible and accessible only
> to processes that have the CAP_SYS_ADMIN capability (the super
> user usually has this capability). Attributes in this class
> are used to implement mechanisms in user space (i.e., outside
> the kernel) which keep information in extended attributes to
> which ordinary processes should not have access.
>
>
> I think we should comply, and start moving NTACL from security.NTACL
> to trusted.NTACL as soon as possible, before it gets widely used.
>
> What do you think?
With trusted.* we need a become_root() each time we want to read the
security descriptor.
I think security.* is better because in future someone can implement
a kernel module for them, there's already a start of such a module in
the lorikeet svn tree.
metze
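
Added example, not part of the original post and not Samba code: a Linux-only probe that reads the two attribute names discussed in the thread and shows why an unprivileged reader cannot tell a missing `trusted.*` attribute from a hidden one. It assumes Linux `getxattr` semantics and a readable `/proc/self/status`; the function names are hypothetical.

```python
import errno
import os
import sys

CAP_SYS_ADMIN = 21  # bit number from <linux/capability.h>
NAMES = ("security.NTACL", "trusted.NTACL")  # attribute names from the thread

def cap_sys_admin_from_status(status_text):
    """Return True if the CapEff line of /proc/<pid>/status has CAP_SYS_ADMIN."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool((int(line.split()[1], 16) >> CAP_SYS_ADMIN) & 1)
    return False

def probe_read(path, name):
    """Read one xattr; return 'readable', 'no-data', 'denied' or 'unsupported'."""
    try:
        os.getxattr(path, name)
        return "readable"
    except OSError as e:
        if e.errno == errno.ENODATA:
            return "no-data"
        if e.errno in (errno.EPERM, errno.EACCES):
            return "denied"
        if e.errno == errno.ENOTSUP:
            return "unsupported"
        raise

def verdict(name, outcome, privileged):
    """Interpret an outcome. Linux reports trusted.* as missing (ENODATA) to
    callers without CAP_SYS_ADMIN, so 'no-data' is only conclusive when the
    caller is privileged or the attribute is outside trusted.*."""
    if outcome == "no-data":
        if name.startswith("trusted.") and not privileged:
            return "unknown: hidden without CAP_SYS_ADMIN"
        return "not set"
    return outcome

def report(path):
    """Probe both names on path using the calling process's own capabilities."""
    with open("/proc/self/status") as f:
        privileged = cap_sys_admin_from_status(f.read())
    return {n: verdict(n, probe_read(path, n), privileged) for n in NAMES}

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, result in report(target).items():
        print(f"{name}: {result}")
```

Run as an ordinary user and again as root against the same file to compare the two namespaces.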