On Fri, 15 May 2009, Stephen Smalley wrote:

> The create_sid is not relevant in the preserve_security==1 case; the
> filesystem will always preserve the security context from the original
> inode on the new inode in that case. The create_sid won't ever be used
> in that case, as it only gets applied if the filesystem calls
> security_inode_init_security() to obtain the attribute (name, value)
> pair for a new inode, and the filesystem will only do that in the
> preserve_security==0 case.

Ok.

Does this break the idea of create_sid, though? i.e. it will be ignored
when a new file is created via reflink(), potentially allowing DAC to
determine whether MAC labeling policy is enforced, and is also not
consistent with the way fsuid is handled.

- James
--
James Morris
<jmorris@xxxxxxxxx>