Casey Schaufler <[EMAIL PROTECTED]> writes: > --- Olaf Dietsche <[EMAIL PROTECTED]> wrote: > >> The bits are stored in a sparse file named /.capabilities in the >> directory of the mount point, where the corresponding executable >> lives. The inode number of the file is the index into this file. > > The old PlanG approach. It's the way that we did MAC labels in > Trix4. It has the wicked advantage of working across NFS without > anyone being the wiser.
If you don't trust a NFS, you'll mount it nosuid anyway and then fscaps are disabled too. > It really causes trouble for backup utilities, however. Whatever implementation you choose, you will always have to modify your backup utilities or copy the attributes separately. > Trix6 (there wasn't really a Trix5) had xattrs > available and we found the switch well worth the investment. Extended attributes are a nice, clean concept, like micro kernels for example :-). But they have a cost, which shouldn't be ignored. Regards, Olaf. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
