Bug 7065 - using the security.* namespace for NTACL in vfs_acl_xattr considered improper
using the security.* namespace for NTACL in vfs_acl_xattr considered improper
Product: Samba 3.5
Classification: Unclassified
Component: File services
Other All
: P3 regression
: ---
Assigned To: Jeremy Allison
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2010-01-26 10:37 UTC by Björn Jacke
Modified: 2010-01-27 02:24 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2010-01-26 10:37:21 UTC
quoting simo from samba-techincal:

> Talking with Christoph Hellwig he said that security.* should *not* be
> used as it is reserved for LSM modules (like SeLinux).
> Looking at man 5 attr this is briefly hinted indeed, and after further
> discussion it became clear that we should used the trusted.* namespace
> instead as this is what the man page says about it:
>         Trusted  extended  attributes  are  visible and accessible only
>         to processes that have the CAP_SYS_ADMIN capability (the super
>         user  usually has  this  capability).  Attributes in this class
>         are used to implement mechanisms in user space (i.e., outside
>         the kernel) which keep information in extended attributes to
>         which ordinary processes should not have access.
> I think we should comply, and start moving NTACL to from security.NTACL
> to trusted.NTACL as soon as possible, before it get widely used.

There have been arguments on the list that there might be installations which already use the vfs modue and use the security.* name space. On the other hand I have not heard of a productive environment using it. In addition to that the man page explicitly states that the module is still experimental in the 3.4 series.

There has also been the argument that a future LSM module could be using the security.NTACL EA for storing the ACLs. I think the chances are now that a GNU Linux system will use the name NTACL to store NFS4 ACLs - the name will more likely be NFS4ACL or so.

In my opinion we should not violate the name space usage rules. With 3.5 we will have the first ready-to-use version of vfs_acl_xattr and we should use a proper namespace.

When a LSM module will come up in the future there will likely be a conversion to a different namespace anyway.
Comment 1 Jeremy Allison 2010-01-26 12:10:06 UTC
The security modules have been shipping using the security.* namespace since 3.2.x. This will not be changed.