On Fri, 03 Aug 2001 12:56:05 EDT, Stephen Smalley said: > I suppose I wasn't clear. A security module can use LSM to enforce > additional access controls on NFS file systems in the same manner as for > other file systems - using the existing hooks in the VFS layer. My > point is that LSM shouldn't try to solve NFSv4's DAC problems. That > is out of our scope. Is all the information needed available in the VFS layer, or do we need to capture metadata at the NFSv4 layer as well, to do it right? Or should we just make sure to coordinate with the NFSv4 team to ensure that they keep the info we need around? > That doesn't follow. LSM provides hooks to control access to the > various kernel objects (files, sockets, network interfaces, etc). Sorry, it *did* sort of follow, when your first posting wasn't clear, and made it sound almost like we didn't need to worry about hooking files if they happened to live on NFSv4.... /Valdis
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 10:05:56 PDT