Extended attribute interfaces
Marius Bendiksen
mbendiks at eunet.no
Thu Sep 21 18:37:03 GMT 2000
> I was about to complain that a scheme which doesn't support
> trusted application sub-systems is of limited value when it
> occurred to me that there's an obvious solution.
[ snipped obvious solution ]
This occured to me about five minutes ago, while discussing
with Robert. You would want multiple hierarchies, though I'd
prefer to use the long prefixes.
system.* Contain all system metadata for an object
native.* Contains the binary representation of the above
trusted.* Contains data accessible only by special programs
user.* Contains data accessible as stated by DACL
I would prefer to have the trusted.* hierarchy also subjected to DAC,
rather than just MAC/CAP.
There are other hierarchies that would make sense too.
Marius
To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message
More information about the posix1e
mailing list