Subject: Re: [Keyrings] [PATCH] Keys: Add LSM hooks for key management
From: Stephen Smalley <sds@tycho.nsa.gov>
To: David Howells <dhowells@redhat.com>
Cc: Chris Wright <chrisw@osdl.org>, James Morris <jmorris@namei.org>,
       Andrew Morton <akpm@osdl.org>, Linus Torvalds <torvalds@osdl.org>,
       keyrings@linux-nfs.org, linux-kernel@vger.kernel.org
In-Reply-To: <21866.1128676205@warthog.cambridge.redhat.com>
References: <20051006175817.GK16352@shell0.pdx.osdl.net>
	 <Pine.LNX.4.63.0510060346140.25593@excalibur.intercode>
	 <29942.1128529714@warthog.cambridge.redhat.com>
	 <20051005211030.GC16352@shell0.pdx.osdl.net>
	 <23333.1128596048@warthog.cambridge.redhat.com>
	 <21866.1128676205@warthog.cambridge.redhat.com>
Content-Type: text/plain
Organization: National Security Agency
Date: Fri, 07 Oct 2005 08:59:34 -0400
Message-Id: <1128689974.1450.9.camel@moss-spartans.epoch.ncsc.mil>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 876
Lines: 20

On Fri, 2005-10-07 at 10:10 +0100, David Howells wrote:
> I don't know. As far as I know, setxattr and co can be used to set and
> retrieve security data on files. I thought it would be desirable to have
> similar for keys. If not, I can remove both calls/hooks for the time being.

I agree that enabling security-aware applications to separately label
specific keys is desirable, so I'd suggest retaining that support, not
dropping it.  We ultimately need the same support for all kernel objects
(we lost it for sockets and System V IPC when the old SELinux API had to
be dropped).  

-- 
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/