Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261710AbTEMQpD (ORCPT ); Tue, 13 May 2003 12:45:03 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262225AbTEMQpD (ORCPT ); Tue, 13 May 2003 12:45:03 -0400 Received: from neon-gw-l3.transmeta.com ([63.209.4.196]:63758 "EHLO neon-gw.transmeta.com") by vger.kernel.org with ESMTP id S261710AbTEMQo7 (ORCPT ); Tue, 13 May 2003 12:44:59 -0400 Date: Tue, 13 May 2003 09:57:13 -0700 (PDT) From: Linus Torvalds To: Alan Cox cc: David Howells , Linux Kernel Mailing List , , Subject: Re: [PATCH] in-core AFS multiplexor and PAG support In-Reply-To: <1052840663.463.64.camel@dhcp22.swansea.linux.org.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1462 Lines: 34 On 13 May 2003, Alan Cox wrote: > > With something like SELinux a PAG may belong to a role not to a user > even though other limits like processes probably belong to the user as a > whole. Hmm.. That doesn't make a lot of sense to me. A "user" is by definition what the unix filesystem considers to be the "atom of security". In fact, a "user" has no other meaning - except for the notion of "root", which is obviously special and has meaning outside of the scope of filesystems (and even here capabilities have tried to separate out that meaning from the "user" definition). But if we want to split up users into "roles", then sure, we can have a "role" that is shared across processes. But I think that for _usability_ we really want that to be _shared_ by default, and anybody who wants to split it should have to work at it. Exactly so that when you log in, and use your private key to mount some encrypted volume, _all_ your processes should by default get access to it. Even if the other ones were independent logins (another window with another ssh session to that machine). In other words: I really think usability should count very high on the list of requirements. Much higher than SELinux. Linus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/