Holger Berger wrote:
For which specific application was the XATTR API designed for? JDS?
If I remember my history correctly a large part of the driver for this
was a previous project at Sun that was attempting to do CIFS support -
more than that I can't say partly due to poor memory on my part and
partly due to what I do remember possibly being encumbered and thus not
appropriate for this alias.
There was a large push, that so far has failed, by several of the
Solaris security team to make the XATTRS like we had them on the
modified version of UFS that shipped with Trusted Solaris releases upto
and including Trusted Solaris 8 (but won't be a carried forward). In
that product there was a system name space for xattrs that required
specific privileges to modify them. This meant that they could be used
by the system (not by applications) to do forced fine grained privilege
and store the labels for Mandatory Access Control (MAC).
I think we can still "fix" things so that XATTRS can be used for this.
Today though ZFS supports XATTRS mainly so that it can server them up to
NFSv4 clients.
It certainly wasn't
why they were introduced into Solaris.
IMO runat(1) should never have been shipped it presents a "strange" view
of the world and an illusion that something outside of the creating
application can and should be able to manipulate the xattrs (which IMO
is not necessarily a desireable thing).
I agree with you. Could you file a bug to get it removed from the
distribution, please?
Why not do it your self at http://bugs.opensolaris.org/
--
Darren J Moffat
_______________________________________________
opensolaris-discuss mailing list
[email protected]
