Re: NFSv4

From: Stephen Smalley (sdsat_private)
Date: Mon Aug 06 2001 - 06:52:54 PDT

  • Next message: Stephen Smalley: "Re: NFSv4"

    On Sat, 4 Aug 2001, Crispin Cowan wrote:
    > Not yet, but they will be.  In the near term, the non-requirement for extended
    > attributes gives models like SELinux and SubDomain an advantage over more classical
    > security models like MLS, which require Security Labels[tm] on files.
    Just to clarify about SELinux, SELinux does assign security labels (but we
    call them security contexts, to avoid the common association with MLS) to
    files.  In the original SELinux prototype, we used a spare field in the
    ext2 on-disk inode to store an integer persistent security identifier
    (PSID) and we stored a mapping between PSIDs and security contexts in each
    file system.  In the LSM-based SELinux prototype, we maintain an
    additional mapping from inode numbers to PSIDs in each file system rather
    than using the spare field.
    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 06:54:30 PDT