Dave Chinner wrote:
> On Tue, Jul 23, 2013 at 02:29:42PM -0700, Linda Walsh wrote:
> > Currently there are 3 disjoint attribute spaces on files -- user, root and
> > security.
> > (there is a misprint in the manual that says there are 2, but later, it
> > talks about using no switch giving the User attrib space, -R for Root attrib
> > space, and -S for the Security attrib space).
> You're confusing on-disk formats used to store attributes with
> namespaces used to report and access them. Linux has security,
> system, trusted and user namespaces, while on disk XFS has "root",
> "secure", and "user" spaces.
>
> Linux attr     XFS on disk
> system         root
> security       secure
> trusted        root
> user           user
That makes the man page even more dated...
Why don't we copy your explanation into the manpage! It's certainly
more clear! ;-)
> > Of these, the ACL's are being placed in the root, which might describe
> > file types, or other OS related info, but not security attributes like
> > ACL's.
> > They should be in the Security attrib space (otherwise what is the point of
> > a Security attribute space).
> Posix ACLS are defined by the *kernel* to be in the "system"
Likely because the system namespace predates the secur[e/ity] namespace,
which seems like it might have been the timeframe that part in the "attr"
saying there were only 2 namespaces, was written?
> #define POSIX_ACL_XATTR_ACCESS "system.posix_acl_access"
> #define POSIX_ACL_XATTR_DEFAULT "system.posix_acl_default"
> IOWs, the Linux *kernel* doesn't consider ACLs to be part of the
> security namespace, and so neither does XFS.
Well, of the kernel I can understand why ... and then it
makes sense that XFS would have followed the kernel through its
So that still leaves the Q's about the -l (--list) function no longer
being maintained, and the suggested alternates having no similar functionality
nor any for the 'root' or 'secur' namespaces.
Maybe not important, but sometimes linux security looks a bit like it is
security through obscurity...or it could just be generally obscure engineer
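
Added example, not part of the thread: a small Python helper that groups a file's extended attribute names by the XFS on-disk space they fall into, using the Linux-to-XFS mapping from the table quoted above. The function names and the sample attribute list are assumptions made for illustration; `os.listxattr` is the standard library call and is Linux only.

```python
import os
import sys
from collections import defaultdict

# Linux xattr namespace -> XFS on-disk attribute space, as given in the
# table quoted in the message above.
LINUX_TO_XFS = {
    "system": "root",
    "security": "secure",
    "trusted": "root",
    "user": "user",
}

def classify(names):
    """Group full xattr names by XFS on-disk space.

    Returns {xfs_space: [(linux_namespace, full_name), ...]}; names whose
    prefix is not one of the four namespaces land under "unknown".
    """
    groups = defaultdict(list)
    for name in names:
        namespace, sep, rest = name.partition(".")
        if not sep or not rest:
            groups["unknown"].append(("", name))
            continue
        groups[LINUX_TO_XFS.get(namespace, "unknown")].append((namespace, name))
    return {space: sorted(entries) for space, entries in groups.items()}

def list_by_space(path):
    """List a file's xattrs grouped by XFS on-disk space (hypothetical helper).

    The kernel only reports names the caller may see; trusted.* names
    require CAP_SYS_ADMIN.
    """
    return classify(os.listxattr(path, follow_symlinks=False))

# Constructed sample: names in the form listxattr(2) returns them.
SAMPLE = [
    "system.posix_acl_access",
    "system.posix_acl_default",
    "security.selinux",
    "trusted.overlay.opaque",
    "user.comment",
]

if __name__ == "__main__":
    result = list_by_space(sys.argv[1]) if len(sys.argv) > 1 else classify(SAMPLE)
    for space, entries in sorted(result.items()):
        for namespace, name in entries:
            print(f"{space:8} {namespace:9} {name}")
```

Run with a file path as the only argument to inspect a real file, or with no argument to print the grouping for the constructed sample.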