On Sun, 2010-02-28 at 16:49 -0800, Casey Schaufler wrote: > I'm mostly in agreement with Stephen. I wouldn't object to a separate > "nfsd." namespace, as opposed to "security." or "trusted." because I > think that in reality you're not going to get very far without treating > is a special case in any event. May as well acknowledge it up front. That was indeed what I envisioned when I suggested it to James originally, but I may have been a bit unclear on the subject. I don't think that either 'security' or 'trusted' are a good fit here, since they both have special meanings to local applications on the server. 'user' is just wrong, since that means that ordinary local users may end up with the power to change the security settings for remote applications. The intention of the 'nfsd' namespace was to separate the local and remote xattr/security realms entirely. That includes allowing the server to set up separate policies to determine who is allowed to change those in the 'nfsd.*' namespace vs those who can change the ordinary 'security', 'trusted' and 'user' namespaces. Cheers Trond -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
