jmjonesat_private wrote: > On Fri, 3 Aug 2001, Crispin Cowan wrote: > > Can someone summarize the alleged scary boodjum of NFSv4? I'm not familiar > > with it, and don't know what the implications of it are that LSM would have to > > care about. > > I've only read RFC 3010, so my understanding is sketchy... > > RFC 3010 seems to specify in great detail support for Access Control, ACL, > and (imho) almost every other possible security model. > > I don't know if it will "trickle down" to other fs's, thereby endangering > LSM, but it's pretty good reading. It's probably a "software-life-cycle" > away from us right now... and implementation and general acceptance are > still questionable, but reading it and thinking about how it MIGHT affect > LSM is probably not wasted time. Thanks! This makes it sound rather similar to the problem of supporting extended attributes in other file systems. The main problem is that I don't think the VFS layer supports extended attributes. That's a problem if we've got fancy file systems on one side of the abstraction waving extended attributes around, and LSM modules on the other side of the abstraction wishing they could see and manipulate those attributes, but unalbe to get to them. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sat Aug 04 2001 - 03:31:29 PDT