On Tue, 2004-11-23 at 14:27, Jeff Mahoney wrote: > Chris Wright wrote: > | Why add extra hook, when this could be done in VFS with i_flags? > > Sure, it could be done w/ an i_flags bit. However, since it's explicitly > related to the security infrastructure, I think it's more appropriate > there. There's no change in the size of inode_security_struct, and the > addition of the deref is trivial given how many other places in the > file-io path use the same call table. That said, I'll change it to use > whatever ends up being agreed upon. I'm just looking to get selinux to > not call xattr routines on reiserfs-internal files/directories.
I suppose the question is whether the VFS maintainer thinks that this reiserfs private inode flag should be made visible in the i_flags, or whether it should remain private to reiserfs and only explicitly exported to the security modules via the new hook. We can implement the corresponding SELinux support for handling such private inodes either way. Would the VFS ever make use of the flag itself, e.g. to skip DAC permission checking on such inodes as well? -- Stephen Smalley <[EMAIL PROTECTED]> National Security Agency
