-
Andrew Morton authored
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch against 2.5.68 implements an xattr handler for ext3 to support the use of extended attributes by security modules for storing file security labels. As per the earlier discussion of extended attributes for security modules, this handler uses a "security." prefix and allows for per-module attribute names. Security checking for userspace access to these attributes can be performed by the security module using the LSM hooks in fs/xattr.c, and the security module is free to internally use the inode operations without restriction for managing its security labels. Unlike the trusted namespace, these labels are used internally for access control purposes by the security modules, and controls over userspace access to them require finer granularity than capable() supports.
c5013b3f