The Samba-Bugzilla – Bug 7065
using the security.* namespace for NTACL in vfs_acl_xattr considered improper
Last modified: 2010-01-27 02:24:27 UTC
quoting simo from samba-techincal:
> Talking with Christoph Hellwig he said that security.* should *not* be
> used as it is reserved for LSM modules (like SeLinux).
> Looking at man 5 attr this is briefly hinted indeed, and after further
> discussion it became clear that we should used the trusted.* namespace
> instead as this is what the man page says about it:
> Trusted extended attributes are visible and accessible only
> to processes that have the CAP_SYS_ADMIN capability (the super
> user usually has this capability). Attributes in this class
> are used to implement mechanisms in user space (i.e., outside
> the kernel) which keep information in extended attributes to
> which ordinary processes should not have access.
> I think we should comply, and start moving NTACL to from security.NTACL
> to trusted.NTACL as soon as possible, before it get widely used.
There have been arguments on the list that there might be installations which already use the vfs modue and use the security.* name space. On the other hand I have not heard of a productive environment using it. In addition to that the man page explicitly states that the module is still experimental in the 3.4 series.
There has also been the argument that a future LSM module could be using the security.NTACL EA for storing the ACLs. I think the chances are now that a GNU Linux system will use the name NTACL to store NFS4 ACLs - the name will more likely be NFS4ACL or so.
In my opinion we should not violate the name space usage rules. With 3.5 we will have the first ready-to-use version of vfs_acl_xattr and we should use a proper namespace.
When a LSM module will come up in the future there will likely be a conversion to a different namespace anyway.
The security modules have been shipping using the security.* namespace since 3.2.x. This will not be changed.