On Mon, 2007-03-26 at 11:31 -0400, Jan Harkes wrote:
> On Sun, Mar 25, 2007 at 09:08:00PM -0400, Chris PeBenito wrote:
> > Does coda support extended attributes?  In particular I'd like to use
> > coda with SELinux systems, which uses the extended attributes (security
> > namespace) to store its labels.  I did some googling, but I only found a
> > thread from 1997 asking pretty much the same question, so my guess would
> > be no.
> 
> Extended attributes are not supported, and most likely will never be
> supported in Coda.
>
> There is no place in the existing meta-data structure for such
> information, it would only be useful for systems running SELinux.

Extended attributes are not limited to use by SELinux (or security in
general).  In fact Linux supported them before SELinux began using them.

> There is no equivalent on any of the other operating systems, and it is

IRIX is an example, which is why XFS has had it for a long time.
Windows also has extended attributes NTFS and CIFS.

> unclear what a non SELinux system should do if it encounters an extended
> attribute. I'm not even sure if it is appropriate, since such security
> labels define a local policy.

I don't agree with this last point.  If security was local to a machine,
there would never be anything like domains in Windows.  SELinux is
already building up infrastructure for network policies in the same
administrative domain, and also researching policies between
administrative domains.

-- 
Chris PeBenito
<pebenito_at_gentoo.org>
Developer,
Hardened Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243