David Boyes wrote:
>> Unless you are talking about something new of which I am unaware, this has
>> been implemented in Bacula for quite some time.  It is enabled with the
>> "ACL Support = yes" directive.
> 
> No, extended attributes are much more than just ACLs. The current item
> in the list about using SAML to represent the attributes is closer to
> what he wants.
> 
> Transforming platform-specific extended attributes into SAML would be
> the long-term way to do this, because then you could express any
> security or attribute relationship, not just SELinux contexts. I'd want
> them for dataset parameters for operating systems that require them, you
> could express the full Windows security management syntax, VSAM cluster
> information, etc, etc. It'd go beyond just the Unix semantics and really
> handle the entire set of metadata possibilities. 

Of course, just to make things more interesting, while it's true that all
SELinux contexts are stored as extended attributes, not all extended
attributes are necessarily SELinux contexts.  While I don't know of any other
popular uses offhand, there's nothing preventing them from being used to store
icons, user specified tags, or other such user specified metadata.

So in order to handle SELinux as a SAML representation, Bacula would have to
special case extended attributes of type 'security.selinux', the extended
attribute tag that stores the SELinux context.

-- 
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
    GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC

_______________________________________________
Bacula-devel mailing list
https://lists.sourceforge.net/lists/listinfo/bacula-devel
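
The distinction drawn in the message above (SELinux contexts live in the `security.selinux` extended attribute, but not every extended attribute is an SELinux context), as an added example that is not part of the original email and is not Bacula code. The function names and the sample attribute values are assumptions constructed for illustration; the context parser keeps an MLS level such as `s0:c0.c1023` intact even though it contains a colon.

```python
"""Added example: split one file's extended attributes into backup metadata classes."""
import os

# Constructed sample: name -> raw value, shaped like os.getxattr() results for one file.
SAMPLE_XATTRS = {
    "security.selinux": b"system_u:object_r:httpd_sys_content_t:s0:c0.c1023\x00",
    "system.posix_acl_access": b"\x02\x00\x00\x00\x01\x00\x06\x00",
    "user.tag": b"quarterly-report",
    "user.icon": b"\x89PNG",
}
SELINUX_XATTR = "security.selinux"
ACL_XATTRS = {"system.posix_acl_access", "system.posix_acl_default"}


def parse_selinux_context(raw: bytes) -> dict:
    """Parse user:role:type[:level]; the level field may itself contain colons."""
    text = raw.rstrip(b"\x00").decode("ascii")  # value may carry a trailing NUL
    parts = text.split(":", 3)                  # at most 4 fields, MLS range kept whole
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"malformed SELinux context: {text!r}")
    return {"user": parts[0], "role": parts[1], "type": parts[2],
            "level": parts[3] if len(parts) == 4 else None}


def classify_xattrs(xattrs: dict) -> dict:
    """Return {'selinux': dict or None, 'acl': {...}, 'other': {...}} for one file."""
    result = {"selinux": None, "acl": {}, "other": {}}
    for name, value in xattrs.items():
        if name == SELINUX_XATTR:
            result["selinux"] = parse_selinux_context(value)
        elif name in ACL_XATTRS:
            result["acl"][name] = value
        else:
            # Opaque to the backup: keep byte-for-byte, never interpret.
            result["other"][name] = value
    return result


def read_xattrs(path: str) -> dict:
    """Linux-only helper: collect all xattrs of a path without following symlinks."""
    return {name: os.getxattr(path, name, follow_symlinks=False)
            for name in os.listxattr(path, follow_symlinks=False)}


if __name__ == "__main__":
    print(classify_xattrs(SAMPLE_XATTRS))
```

On a Linux host, `classify_xattrs(read_xattrs(path))` applies the same split to a real file; reading `security.*` and `trusted.*` attributes may require elevated privileges.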
