Re: Making forward progress

From: Valdis.Kletnieksat_private
Date: Fri Aug 03 2001 - 10:04:45 PDT


    On Fri, 03 Aug 2001 12:56:05 EDT, Stephen Smalley said:
    
    > I suppose I wasn't clear.  A security module can use LSM to enforce
    > additional access controls on NFS file systems in the same manner as for
    > other file systems - using the existing hooks in the VFS layer.  My
    > point is that LSM shouldn't try to solve NFSv4's DAC problems.  That
    > is out of our scope.
    
    Is all the information needed available in the VFS layer, or do we need
    to capture metadata at the NFSv4 layer as well, to do it right?  Or
    should we just make sure to coordinate with the NFSv4 team to ensure that
    they keep the info we need around?
    
    > That doesn't follow.  LSM provides hooks to control access to the
    > various kernel objects (files, sockets, network interfaces, etc).
    
    Sorry, it *did* sort of follow, when your first posting wasn't clear, and
    made it sound almost like we didn't need to worry about hooking files if
    they happened to live on NFSv4....
    
    /Valdis
    
    
    




    This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 10:05:56 PDT