On Sun, Mar 25, 2007 at 09:08:00PM -0400, Chris PeBenito wrote:
> Does coda support extended attributes? In particular I'd like to use
> coda with SELinux systems, which uses the extended attributes (security
> namespace) to store its labels. I did some googling, but I only found a
> thread from 1997 asking pretty much the same question, so my guess would
> be no.

Extended attributes are not supported, and most likely will never be supported in Coda.

There is no place in the existing meta-data structure for such information, it would only be useful for systems running SELinux. There is no equivalent on any of the other operating systems, and it is unclear what a non SELinux system should do if it encounters an extended attribute.

I'm not even sure if it is appropriate, since such security labels define a local policy. For instance Coda intentionally does not support setuid or setgid bits, the 'setuid' capability is a local policy and better implemented through a local mechanism.

For instance, our webserver does have a need for some setuid cgi programs, and this functionality is implemented by having a non-setuid binary (foo.setuid) in /coda as well as a symlink to the 'super' application (foo -> /usr/bin/super). The super configuration file (/etc/supertab) then defines the local policies for running these applications. i.e. only allow setuid execution if the binary is in a known location and started by some specific local user/application, which user identity to use, and what environment variables are passed.

Jan

Received on 2007-03-26 11:33:00