Re: [patch] security. namespace

To: Chris PeBenito <pebenito@xxxxxxxxxx>
Subject: Re: [patch] security. namespace
From: Nathan Scott <nathans@xxxxxxx>
Date: Tue, 2 Dec 2003 09:38:36 +1100
Cc: sandeen@xxxxxxx, linux-xfs@xxxxxxxxxxx, russell@xxxxxxxxxxxx
In-reply-to: <1070301662.7842.11.camel@chris.pebenito.net>
References: <1070301662.7842.11.camel@chris.pebenito.net>
Sender: linux-xfs-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.3i

Hi Chris,

Good timing! -- I just had lunch with Russell Coker on Saturday,
and afterward I started having a look at this too.

On Mon, Dec 01, 2003 at 12:01:02PM -0600, Chris PeBenito wrote:
> Here is a patch against -test10 that adds an option for the security.
> namespace (controlled by a configure option), which is used by SELinux
> to store its security labels.  I created this patch based off Tad
> Glines' (tadglines@xxxxxxxxxxx) 2.4 patch
> (http://www.glines.com/xfs.patch.bz2).  Please critique this, and if it's
> ok, please consider for inclusion.
> 
> I was warned on #xfs that this may break IRIX compatibility, so there is
> a note in the Kconfig.  However Tad says that the security. attributes
> will show up in the user namespace on a standard XFS Linux kernel, but I

Hmm... security names showing up in the user namespace wouldn't
be a good thing... depends how the code is written, I'll take a
look shortly.

> didn't verify.  He also mentioned that xfsdump and xfsrestore would need
> to be patched to support this.

I don't think the "breaking" IRIX compatibility is a big deal -
it's not so much "breaking" as just being unsupported, hopefully
the IRIX XFS code will deal with this gracefully (i.e. anything
but a panic ;), I'll cross check that.  Same issue exists in an
existing Linux kernel of course, so not just IRIX compatibility
we must consider here.

We also need to do some cleanup in xfs_iops.c first I think - we
are repeating too much stuff there, looks like it can be made a
fair bit simpler.  I'll send you my changes when I have something
that compiles and runs so we can compare notes.

thanks.

-- 
Nathan

