On Fri, 2022-11-18 at 10:32 +0100, Roberto Sassu wrote: > > Smack uses multiple xattrs. All file system objects have a SMACK64 > > attribute, which is used for access control. A program file may have > > a SMACK64EXEC attribute, which is the label the program will run with. > > A library may have a SMACK64MMAP attribute to restrict loading. A > > directory may have a SMACK64TRANSMUTE attribute, which modifies the > > new object creation behavior. > > > > The point being that it may be more than a "nice idea" to support > > multiple xattrs. It's not a hypothetical situation. > > Ok, that means that I have to change the number of xattrs reserved by > Smack in patch 3. Based on evm_config_default_xattrnames[], there are 4. There's the original SMACK and these 3 additional ones. Mimi
