Re: NFSv4

From: Crispin Cowan (crispinat_private)
Date: Sat Aug 04 2001 - 13:48:10 PDT

  • Next message: jmjonesat_private: "Re: NFSv4"

    jmjonesat_private wrote:
    > Actually, it does seem to be a similar problem, at least to me (I'm admittedly deep
    > enough to get "the bends" here.)  Since you've moved this to a branch thread, I will
    > pursue it briefly...
    As a general practice, I try to re-label threads when branches appear.  The "making
    progress thread" is ripe for that, as it addresses half a dozen issues at once.
    Re-labeling the brances makes it easier for people to follow the issues they care
    > The question I'd next ask is (quite innocently): how would switching to authoritative
    > hooks and moving all the in-kernel checks out to the module actually resolve this
    > problem unless many hooks were moved even deeper (below VFS) ... ?
    Well put.  I also don't see how the authoritative/restrictive duality, or the "move DAC
    to module" idea, address this problem.  It looks to me like it requres some
    enhancements to the VFS layer, which is beyond our scope.  I think that enhancing VFS
    to get access to extended attributes is a fine thing, but will require cooperation with
    other groups to get it done.
    > Or (ick) does it require we also restructure/rewrite VFS and move IT out to the
    > module, which is unacceptable to me.
    I agree:  move VFS out is a non-starter.
    > That's quite a can of worms.  Can we make some small changes now that would
    > facilitate this later as vfs evolves?  Has anybody got a concrete example/suggestion
    > of how this problem could be addressed now without restructuring the whole interface
    > (and the kernel) specifically toward it?
    I suspect the way it will play out is:
       * extended attribute file systems become more popular (NFSv4, EXT3, Reiser, etc.)
       * LSM wants to mediate the extended attributes
       * VFS gets enhanced to access extended attributes
       * LSM hooks get placed into the VFS extended attributes functions
    > I'm not convinced that "special filesystems" are common enough to call them the
    > "general case."
    Not yet, but they will be.  In the near term, the non-requirement for extended
    attributes gives models like SELinux and SubDomain an advantage over more classical
    security models like MLS, which require Security Labels[tm] on files.
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc.
    Security Hardened Linux Distribution:
    Available for purchase:
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Sat Aug 04 2001 - 13:49:34 PDT