On Wed, 2004-10-27 at 16:44, Nifty Hat Mitch wrote: > You might look at the mechanism that SELinux takes advantage of > extended attributes in the inode for your experiment. > > For example ls has the flags -Z and --lcontext. > $ ls --lcontext / > total 339 > drwxr-xr-x 6 system_u:object_r:default_t root root 4096 Apr 10 2004 b > .... > > By taking advandage of existing extended atributes you will not break > the filesystem structure and the additional data is only > important when your kernel changes inspect, check, and modify > your attribute. Right, you likely don't need to add a field to the inode structure; you can already associate arbitrary data with an inode via the existing extended attribute support without requiring any changes to the kernel, on-disk format, etc. 'man 5 attr' -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
