unionfs, tmpfs, and xattrs
James Morris
jmorris at namei.org
Wed Feb 8 14:51:48 UTC 2006
On Tue, 7 Feb 2006, Bill Nottingham wrote:
> It just seems like a hacky interface to say "filesystems need to provide their
> own xattr code, but if they don't the security module might decide to make one up."
It doesn't "make one up", the kernel has an xattr because the data is
always labeled. What it's saying is, if the fs doesn't implement it's own
xattr code, we return what the kernel is maintaining anyway.
> It would seem preferable to just have the security labels be done via an
> explicit mechanism rather than to incompletely overload xattrs.
It is explicit, but there's a fallback if the fs doesn't implement xattrs.
You can still override this by implementing xattrs for a psuedo fs.
>
> > What is the upstream status of unionfs?
>
> It's not upstream yet, although it's used in a variety of projects.
It's really best for everyone if the code is posted for upstream merge.
- James
--
James Morris
<jmorris at namei.org>
More information about the fedora-selinux-list
mailing list