[Ocfs2-devel] [RFC] The reflink(2) system call v4.
James Morris
jmorris at namei.org
Fri May 15 06:35:09 PDT 2009
On Fri, 15 May 2009, Stephen Smalley wrote:
> The create_sid is not relevant in the preserve_security==1 case; the
> filesystem will always preserve the security context from the original
> inode on the new inode in that case. The create_sid won't ever be used
> in that case, as it only gets applied if the filesystem calls
> security_inode_init_security() to obtain the attribute (name, value)
> pair for a new inode, and the filesystem will only do that in the
> preserve_security==0 case.
Ok. Does this break the idea of create_sid, though? i.e. it will be
ignored when a new file is created via reflink(), potentially allowing DAC
to determine whether MAC labeling policy is enforced, and is also not
consistent with the way fsuid is handled.
- James
--
James Morris
<jmorris at namei.org>