On Fri, 3 Aug 2001 Valdis.Kletnieksat_private wrote: > Are you prepared to tell the customers down the road "You can use NFSv4, > or you can use LSM, but you can't get LSM support for securing NFSv4 because > the LSM folks thought NFSv4 was clearly out of scope?" I suppose I wasn't clear. A security module can use LSM to enforce additional access controls on NFS file systems in the same manner as for other file systems - using the existing hooks in the VFS layer. My point is that LSM shouldn't try to solve NFSv4's DAC problems. That is out of our scope. > If NFSv4 is *clearly* out of scope, I'll propose that the networking hooks > are out of scope too. After all, anybody who cares about security doesn't > hook their boxes up to the wire, right? ;) That doesn't follow. LSM provides hooks to control access to the various kernel objects (files, sockets, network interfaces, etc). -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 09:57:31 PDT