On Wed, May 13, 2009 at 01:23:58PM -0400, Stephen Smalley wrote:
> File capabilities live under security.*, but ACLs predate the security
> namespace and live in the system namespace as
> "system.posix_acl_access" (and if a directory, there is also a
> "system.posix_acl_default" attribute that specifies the default ACL for
> new files in that directory).
>
> In the preserve_security==0 case, you'd want to:
> - drop all attributes under security.* on the new inode,
> - set (security.<name>, value) to the name:value pair provided by
>   security_inode_init_security(),
> - set system.posix_acl_access to the default ACL associated with the
>   parent directory (the "system.posix_acl_default" attribute on the
>   parent).
>
> The latter two steps are what is already done in the new inode creation
> code path, so you hopefully can just reuse that code.

I am absolutely expecting to reuse that code. I was just trying to
make sure I didn't miss any steps prior to the normal new-inode stuff.

Thanks.

Joel

--
The zen have a saying:
"When you learn how to listen, ANYONE can be your teacher."

Joel Becker
Principal Software Developer
Oracle
E-mail: joel.becker@xxxxxxxxxx
Phone: (650) 506-8127
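The first step of the quoted list (dropping everything under security.*), as an added userspace sketch that is not code from this thread or from the kernel. It works on a name list in the NUL-separated layout that listxattr(2) returns; the helper names and the sample lists are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define SECURITY_PREFIX  "security."                 /* namespace named in the thread */
#define ACL_DEFAULT_NAME "system.posix_acl_default"  /* attribute named in the thread */

/* Constructed sample name lists in listxattr(2) layout (NUL-separated). */
static const char SAMPLE_SRC[] =
    "security.selinux\0security.capability\0user.note\0securityx.fake\0system.posix_acl_access";
static const char SAMPLE_PARENT[] = "system.posix_acl_access\0system.posix_acl_default";

/* Return 1 if the NUL-separated list contains exactly this name. */
static int list_has(const char *list, size_t len, const char *name)
{
    for (size_t off = 0; off < len; off += strlen(list + off) + 1)
        if (strcmp(list + off, name) == 0)
            return 1;
    return 0;
}

/* Hypothetical helper: copy every name outside security.* into out (at least
 * len bytes). Returns the number dropped, or -1 if the list lacks a final NUL. */
static int drop_security_names(const char *list, size_t len, char *out, size_t *out_len)
{
    int dropped = 0;
    *out_len = 0;
    if (len && list[len - 1] != '\0')
        return -1;
    for (size_t off = 0, n; off < len; off += n) {
        n = strlen(list + off) + 1;
        /* Match the prefix including the dot, so "securityx.fake" is kept. */
        if (strncmp(list + off, SECURITY_PREFIX, strlen(SECURITY_PREFIX)) == 0) {
            dropped++;
        } else {
            memcpy(out + *out_len, list + off, n);
            *out_len += n;
        }
    }
    return dropped;
}

int main(void)
{
    char kept[sizeof(SAMPLE_SRC)];
    size_t kept_len;
    int dropped = drop_security_names(SAMPLE_SRC, sizeof(SAMPLE_SRC), kept, &kept_len);
    printf("dropped %d, kept %zu bytes of names\n", dropped, kept_len);
    printf("parent default ACL: %d\n", list_has(SAMPLE_PARENT, sizeof(SAMPLE_PARENT), ACL_DEFAULT_NAME));
    return 0;
}
```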