Re: NFSv4

• Previous message: jmjonesat_private: "Re: NFSv4"
• In reply to: jmjonesat_private: "Re: NFSv4"
• Next in thread: jmjonesat_private: "Re: NFSv4"
• Next in thread: richard offer: "Re: Making forward progress"
• Reply: jmjonesat_private: "Re: NFSv4"
• Reply: Jesse Pollard: "Re: NFSv4"
• Reply: Stephen Smalley: "Re: NFSv4"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

jmjonesat_private wrote:

> Actually, it does seem to be a similar problem, at least to me (I'm admittedly deep
> enough to get "the bends" here.)  Since you've moved this to a branch thread, I will
> pursue it briefly...

As a general practice, I try to re-label threads when branches appear.  The "making
progress thread" is ripe for that, as it addresses half a dozen issues at once.
Re-labeling the brances makes it easier for people to follow the issues they care
about.


> The question I'd next ask is (quite innocently): how would switching to authoritative
> hooks and moving all the in-kernel checks out to the module actually resolve this
> problem unless many hooks were moved even deeper (below VFS) ... ?

Well put.  I also don't see how the authoritative/restrictive duality, or the "move DAC
to module" idea, address this problem.  It looks to me like it requres some
enhancements to the VFS layer, which is beyond our scope.  I think that enhancing VFS
to get access to extended attributes is a fine thing, but will require cooperation with
other groups to get it done.


> Or (ick) does it require we also restructure/rewrite VFS and move IT out to the
> module, which is unacceptable to me.

I agree:  move VFS out is a non-starter.


> That's quite a can of worms.  Can we make some small changes now that would
> facilitate this later as vfs evolves?  Has anybody got a concrete example/suggestion
> of how this problem could be addressed now without restructuring the whole interface
> (and the kernel) specifically toward it?

I suspect the way it will play out is:

   * extended attribute file systems become more popular (NFSv4, EXT3, Reiser, etc.)
   * LSM wants to mediate the extended attributes
   * VFS gets enhanced to access extended attributes
   * LSM hooks get placed into the VFS extended attributes functions

> I'm not convinced that "special filesystems" are common enough to call them the
> "general case."

Not yet, but they will be.  In the near term, the non-requirement for extended
attributes gives models like SELinux and SubDomain an advantage over more classical
security models like MLS, which require Security Labels[tm] on files.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.htm


_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: jmjonesat_private: "Re: NFSv4"
• Previous message: jmjonesat_private: "Re: NFSv4"
• In reply to: jmjonesat_private: "Re: NFSv4"
• Next in thread: jmjonesat_private: "Re: NFSv4"
• Next in thread: richard offer: "Re: Making forward progress"
• Reply: jmjonesat_private: "Re: NFSv4"
• Reply: Jesse Pollard: "Re: NFSv4"
• Reply: Stephen Smalley: "Re: NFSv4"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Aug 04 2001 - 13:49:34 PDT