Redux: PSARC/2009/348 Security Labels for ZFS
Ric Aleshire
ric.aleshire at sun.com
Wed Jun 17 14:40:04 PDT 2009
Tim Haley wrote:
> Two comments/requests from the ZFS team.
>
> 1) Please choose a more descriptive name for the property than 'slabel'.
> Perhaps "securitylabel" or "seclabel" or something else?
The property will be named "mlslabel" (MLS = multi-level security), and the
updated spec will reflect this and explain the terminology. This is
chosen in
part due to considerations about distinguishing from other types of security
labels (e.g. FMAC).
> 2) Please make the property either not delegate-able or fully
> delegate-able.
> By fully delegate-able we mean, no other privilege required if you've
> been delegated permission to manipulate the property.
Accepted; the spec will be updated to reflect that mlslabel is specifically
not delegatable.
-Ric
More information about the opensolaris-arc
mailing list