Re: [PATCH] (2/3) SELinux context mount support - NFS

From: Stephen Smalley
Date: Wed Feb 04 2004 - 11:03:12 EST

Next message: John Rose: "Re: 2.6 probe.c "pcibus_class" Device Class, release function"
Previous message: Christoph Hellwig: "Re: [PATCH] (2/3) SELinux context mount support - NFS"
In reply to: Christoph Hellwig: "Re: [PATCH] (2/3) SELinux context mount support - NFS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2004-02-04 at 10:46, Christoph Hellwig wrote:
> On Wed, Feb 04, 2004 at 10:31:51AM -0500, James Morris wrote:
> > This patch modifies the kernel's NFS mount data structure to include
> > SELinux context mount data. It allows NFS fileystems to be labeled on a
> > per-mountpoint basis, and should not affect existing versions of
> > userspace mount.
>
> Wouldn't it better to integrate the NFS xattr code that SGI released under
> the GPL (it's IRIX, not linux code unfortunately)

That won't help with the case where the NFS server doesn't support the
protocol extensions for xattr or where the NFS client doesn't want to
trust contexts provided by the server. There is work in progress to add
support for passing process and file contexts on NFS requests/replies,
but that won't eliminate the need for this functionality for unmodified
or untrusted NFS servers.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: John Rose: "Re: 2.6 probe.c "pcibus_class" Device Class, release function"
Previous message: Christoph Hellwig: "Re: [PATCH] (2/3) SELinux context mount support - NFS"
In reply to: Christoph Hellwig: "Re: [PATCH] (2/3) SELinux context mount support - NFS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]