Running processes have a security context which is computed from the security label on the executable and the context of the caller. Files also have a security context which is computed from their security label. When a subject (process) attempts to access an object (file), the kernel checks whether the SELinux policy allows the subject's context to access the object.

Writing an SELinux policy is very complex if you want it to let you actually run the system, let alone provide additional security. This is why not many Linux systems have adopted SELinux in enforcing mode.

Extended attributes are properties organized in (name, value) pairs, optionally set to files or directories in order to record information which cannot be stored in the file itself. They are supported by operating systems such as Windows, Linux, Solaris, Mac OS X and others, with variations.

On Linux, specifically, four categories of extended attributes have been defined:

- trusted: to record properties which should only be accessed by the kernel,
- security: to record security properties of a file,
- system: to record other system-related properties on which the file owner has some control,
- user: to record properties defined by applications.

The names of the extended attributes must be prefixed by the name of the category and a dot, hence these categories are generally qualified as name spaces. Examples of extended attribute names are security.selinux, system.posix_acl_access or user.mime_type. However, a high-level language may hide the system prefixing so that, for instance, the user.mime_type attribute name would appear as "mime_type" in source code.

They can be retrieved and set through system calls (getxattr(2), setxattr(2), removexattr(2)) or shell commands (getfattr(1), setfattr(1)), provided appropriate access conditions are met.

The extended attributes are enabled through the mount option streams_interface=xattr. With this option (activated by default), the four name spaces are supported by ntfs-3g on Linux. Your operating system has to provide an extended attribute interface for the features referenced on this page to be available. Some Linux distributions and most other operating systems do not support a compatible extended attribute interface. On systems with open name spaces, such as Mac OS X, these features are enabled through the mount option streams_interface=openxattr.
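The name-space prefixing and the list/get calls described above can be exercised with Python's `os.listxattr` and `os.getxattr` wrappers on Linux. This is an added example, not code from the original page or from ntfs-3g; the function names and the sample attribute names are constructed for illustration.

```python
import errno
import os
import tempfile

# The four Linux extended-attribute name spaces listed above.
NAMESPACES = ("trusted", "security", "system", "user")


def split_xattr_name(name):
    """Split 'user.mime_type' into ('user', 'mime_type').

    Returns (None, name) when the prefix is not one of the four Linux
    name spaces, which is how a name with its prefix hidden would look.
    """
    namespace, dot, key = name.partition(".")
    if dot and key and namespace in NAMESPACES:
        return namespace, key
    return None, name


def group_by_namespace(names):
    """Group full attribute names by name space; unknown prefixes go under None."""
    grouped = {}
    for name in names:
        namespace, key = split_xattr_name(name)
        grouped.setdefault(namespace, []).append(key)
    return grouped


def inventory(path):
    """Return {full_name: value or None} for the attributes visible on path."""
    if not hasattr(os, "listxattr"):
        return {}  # platform without the Linux xattr wrappers
    try:
        names = os.listxattr(path, follow_symlinks=False)
    except OSError as exc:
        if exc.errno in (errno.ENOTSUP, errno.ENOSYS):
            return {}  # file system or kernel without an xattr interface
        raise
    found = {}
    for name in names:
        try:
            found[name] = os.getxattr(path, name, follow_symlinks=False)
        except OSError:
            found[name] = None  # listed, but not readable by this process
    return found


if __name__ == "__main__":
    sample = ["security.selinux", "system.posix_acl_access", "user.mime_type", "mime_type"]  # constructed
    print(group_by_namespace(sample))
    with tempfile.NamedTemporaryFile() as tmp:
        print(inventory(tmp.name))
```

An empty result from `inventory` on a mounted volume means either that no attributes are set or that the mount does not expose an extended attribute interface.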