On Mon, 05 Sep 2011 15:42:17 PDT, Casey Schaufler said:
> On 9/5/2011 10:25 AM, Aneesh Kumar K.V wrote:
> > The following set of patches implements VFS and ext4 changes needed to implement
> > a new acl model for linux. Rich ACLs are an implementation of NFSv4 ACLs,
> > extended by file masks to fit into the standard POSIX file permission model.
> > They are designed to work seamlessly locally as well as across the NFSv4 and
> > CIFS/SMB2 network file system protocols.
>
> POSIX ACLs predate the LSM and can't be done as an LSM due to
> the interactions between mode bits and ACLs as defined by the
> POSIX DRAFT specification. Is there a reason that "rich" ACLs
> can not be done as an LSM?

Well, if it was done as an LSM, it would mean that if I wanted to build a system
where I have a few hundred terabytes of disk exported via Samba, and I wanted
Samba to save the CIFS permission ACL, I couldn't also run Selinux or SMACK or
anything like that - unless somebody actually snuck in the "LSMs are stackable"
patch while I wasn't looking?