* Casey Schaufler (casey@xxxxxxxxxxxxxxxx) wrote: > > > So this is a way for filesystem code to pass information to an LSM > > > without specifying semantics. Is there an expectation that > > > inode_getsecctx return the value sent by inode_notifysecctx, or > > > would you expect the "notify" secctx to be stored elsewhere? > > > > The former (getsecctx should return the value sent by notifysecctx). > > Not a separate value. > > Now that took me by surprise. > > I spent a good deal of time working with POSIX, so my perspective > may be a bit twisted, but I looks to me that from an interface > standpoint, inode_setsecctx and inode_notifysecctx are > indistinguishable. How would the man pages for the two differ? > Would you ever use both interfaces on the same inode? Assuming a simple model (no time of day magic or composite labels) they differ by calling ->setxattr so that the fs actually puts bit on persitent storage (may not be disk for ram backed fs). The callers are from the kernel (you don't have to worry about that) and the implementation is simply update your blob or update your blob and tell fs to update as well. thanks, -chris -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
