NFSv4 (was: Making forward progress)

From: Crispin Cowan (crispinat_private)
Date: Sat Aug 04 2001 - 03:31:05 PDT

  • Next message: Serge E. Hallyn: "Re: Problems with some of the current hooks"

    jmjonesat_private wrote:
    > On Fri, 3 Aug 2001, Crispin Cowan wrote:
    > > Can someone summarize the alleged scary boodjum of NFSv4?  I'm not familiar
    > > with it, and don't know what the implications of it are that LSM would have to
    > > care about.
    > I've only read RFC 3010, so my understanding is sketchy...
    > RFC 3010 seems to specify in great detail support for Access Control, ACL,
    > and (imho) almost every other possible security model.
    > I don't know if it will "trickle down" to other fs's, thereby endangering
    > LSM, but it's pretty good reading.  It's probably a "software-life-cycle"
    > away from us right now... and implementation and general acceptance are
    > still questionable, but reading it and thinking about how it MIGHT affect
    > LSM is probably not wasted time.
    This makes it sound rather similar to the problem of supporting extended attributes
    in other file systems.  The main problem is that I don't think the VFS layer
    supports extended attributes.  That's a problem if we've got fancy file systems on
    one side of the abstraction waving extended attributes around, and LSM modules on
    the other side of the abstraction wishing they could see and manipulate those
    attributes, but unalbe to get to them.
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc.
    Security Hardened Linux Distribution:
    Available for purchase:
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Sat Aug 04 2001 - 03:31:29 PDT