On Tue, 2013-04-02 at 17:45 -0400, Steve Dickson wrote: > From: David Quigley <dpquigl@xxxxxxxxxxxxxxx> > > There is a time where we need to calculate a context without the > inode having been created yet. To do this we take the negative dentry and > calculate a context based on the process and the parent directory contexts. > Can you remind me again why this is needed? Basing security decisions on the namespace seems just seems to run against the basic selinux concept. Is it for apparmor and tomoyo support in LNFS? -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@xxxxxxxxxx www.netapp.com -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
