Here is a public discussion about extended attribute namespaces, following
a private request from yamt@

We have two extended attribute APIs in tree: one from FreeBSD and one from
Linux. We are about to toss the FreeBSD one in favor of the Linux one.
That is easy now since we never had working extended attributes in a

Extended attributes have namespaces, which are used for access control.
For instance, an unprivileged user can access user namespace extattr on
a file he owns. system namespace extattr can only be accessed by

In the FreeBSD API, namespaces are int. There are two namespaces defined:
system and user. There is no way to add other namespaces, though I have
no idea what happens if one uses an int value different than system or user.

In the Linux API, namespaces are dot-prefixed to the extended attribute
name. For instance: system.foo is the system-namespace foo attribute.
One can use any namespace, some of them having special access controls:
trusted, system and security feature privileged access control.

If we dump the FreeBSD API, we are left with kernel internal interfaces
with namespaces as an int. We can just ignore them and enforce the use
of dot-prefix namespaces.
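
As an added illustration (not part of the original message and not NetBSD code), the following C shows what enforcing dot-prefixed namespaces looks like as an access check: the name is split at the first dot, and trusted, system and security require privilege. The function names, the is_root/is_owner flags, and the choice to treat every other namespace like user are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical classification used only by this example. */
enum xattr_class { XATTR_INVALID, XATTR_UNPRIVILEGED, XATTR_PRIVILEGED };

/* Namespaces the message lists as having privileged access control. */
static const char *const privileged_ns[] = { "trusted", "system", "security" };

/*
 * Split "namespace.attr" at the first dot. A name with no dot, an empty
 * namespace or an empty attribute part is rejected. On success *nslen is
 * the namespace length and *attr points at the attribute part.
 */
enum xattr_class
xattr_classify(const char *name, size_t *nslen, const char **attr)
{
    const char *dot;
    size_t i, len;

    if (name == NULL || (dot = strchr(name, '.')) == NULL)
        return XATTR_INVALID;
    len = (size_t)(dot - name);
    if (len == 0 || dot[1] == '\0')
        return XATTR_INVALID;
    *nslen = len;
    *attr = dot + 1;
    for (i = 0; i < sizeof(privileged_ns) / sizeof(privileged_ns[0]); i++) {
        /* Compare the whole namespace so "systemx.foo" is not "system". */
        if (strlen(privileged_ns[i]) == len &&
            memcmp(name, privileged_ns[i], len) == 0)
            return XATTR_PRIVILEGED;
    }
    return XATTR_UNPRIVILEGED;   /* assumption: handled like "user" */
}

/* Privileged namespaces need is_root; the others need root or ownership. */
int
xattr_may_access(const char *name, int is_root, int is_owner)
{
    size_t nslen;
    const char *attr;

    switch (xattr_classify(name, &nslen, &attr)) {
    case XATTR_PRIVILEGED:   return is_root;
    case XATTR_UNPRIVILEGED: return is_root || is_owner;
    default:                 return 0;   /* no namespace prefix: refuse */
    }
}
```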