[fmac-discuss] FMAC support needed in file system?

Mark Shellenbaum Mark.Shellenbaum at Sun.COM
Sun Jul 27 12:50:26 PDT 2008


I would like to start a discussion on what is needed to
be stored in the file system (ZFS) to support FMAC.
It looks like you need a security context and PSID?

I have a number of questions about this.

- The security context is a string.  Is the string variable in size?
   Is there a max/min length?

- Is the security context just opaque data to the file system?

- Does every file/dir have a security context?  Will the same security
   context be used for multiple files or is it unique to every file
   system object?

- The PSID appears to be just a simple number that only the kernel is
   concerned with.  Is this private to the file system, or does the FMAC
   code need to be able to retrieve it?

- Will a user application be setting the context or will it only be set
   by the kernel?

- What OpenSolaris privileges are required for setting the context?

- Would it be desirable to create the context at the time a file/dir is
   created?


