Re: [PATCH 2/7] Overlayfs: Use copy-up security hooks

On Friday, November 07, 2014 10:05:40 PM David Howells wrote:
> Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > So the LSM must modify the xattr in place?  I suppose that since the
> > @value is allocated to the max size it shouldn't be a problem.  Just
> > checking ...
> 
> ... And the caller must provide a maximally sized buffer (which it likely
> has to allocate anyway).
> 
> I'm not sure I really need to provide the modification thing.  I suspect a
> binary keep or discard decision is sufficient.

The docker use case we've been talking about in this thread doesn't really 
care about the on-disk file labels (xattrs) because the docker folks want to 
use context= mounts; however if someone did care about on-disk file labels for 
the upper layer in the overlayfs then they might want to modify the xattr.

-- 
paul moore
www.paul-moore.com
