Re: NFSv4

From: Stephen Smalley (sdsat_private)
Date: Mon Aug 06 2001 - 06:59:04 PDT


    On Sat, 4 Aug 2001, Jesse Pollard wrote:
    > There are many ways to get labels on files.
    >    2. put a label identifier in the inode (use an unused 32/64 bit field in
    >       the inode), then lookup the identifier in a keyed file on the same
    >       filesystem.
    The original SELinux prototype used this approach.  Specifically, we
    stored a persistent security identifier (PSID) in a spare field of the
    ext2 on-disk inode, maintained a file in each file system that
    maps PSIDs to (offset, length) pairs for the variable-length
    security contexts, and maintained a file in each file system with
    the actual security contexts.
    >    3. keep a key file containing the label indexed by inode (most generic) the
    >       key file must reside on the same media as the filesystem.
    The LSM-based SELinux prototype uses an approach similar to this one,
    but slightly different.  We have a file that maps inode numbers to PSIDs
    to replace our use of the spare field in the ext2 on-disk inode (since
    this isn't feasible using LSM), and then we still have the other
    two files for mapping PSIDs to contexts.
    > The advantage of 2 over 3 is that the same identifier may be used on multiple
    > files.
    You can achieve the same goal with #3 - you can keep the level of
    indirection provided by the identifiers (PSIDs).
    > The advantage of 3 over the rest is that it can be done on any filesystem that
    > has inode numbers on disk. This even includes the possibility of using the inode
    > as a key to an identifier, which in turn is a key to the label.
    Yes, this is what the LSM-based SELinux prototype does.
    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list
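The three-file layout Smalley describes (inode number -> PSID map, PSID -> (offset, length) index, and a blob of variable-length security contexts) as an added Python simulation; this is illustrative code, not the prototype's own, and the record formats, file names and sample contexts are assumptions.

```python
import struct

# Added illustration of the per-filesystem label store: a fixed-record inode map,
# a fixed-record PSID index and one blob of variable-length contexts (formats assumed).
class LabelStore:
    def __init__(self):
        self.contexts = b""     # "contexts" file: concatenated context strings
        self.index = {}         # "psid index" file: psid -> (offset, length)
        self.inode_map = {}     # "inode map" file: inode number -> psid
    def _psid_for(self, context):
        """Return the PSID of a context, appending it to the blob if it is new.
        Identical contexts share one PSID, so the indirection of approach 2 survives."""
        raw = context.encode()
        for psid, (off, ln) in self.index.items():   # linear scan; fine for a demo
            if self.contexts[off:off + ln] == raw:
                return psid
        psid = len(self.index) + 1                    # PSID 0 is reserved: unlabeled
        self.index[psid] = (len(self.contexts), len(raw))
        self.contexts += raw
        return psid
    def set_label(self, inode, context):
        psid = self._psid_for(context)
        self.inode_map[inode] = psid
        return psid
    def get_label(self, inode):
        psid = self.inode_map.get(inode, 0)
        if psid == 0:
            return None
        off, ln = self.index[psid]
        return self.contexts[off:off + ln].decode()
    def serialize(self):
        """Render the two fixed-record files as little-endian u32 records plus the blob."""
        inodes = b"".join(struct.pack("<II", i, p) for i, p in sorted(self.inode_map.items()))
        psids = b"".join(struct.pack("<III", p, o, l) for p, (o, l) in sorted(self.index.items()))
        return {"inodes": inodes, "psids": psids, "contexts": self.contexts}
    @classmethod
    def load(cls, files):
        """Rebuild the store from the three serialized files (what a mount would read)."""
        store = cls()
        store.contexts = files["contexts"]
        for i in range(0, len(files["inodes"]), 8):
            ino, psid = struct.unpack_from("<II", files["inodes"], i)
            store.inode_map[ino] = psid
        for i in range(0, len(files["psids"]), 12):
            psid, off, ln = struct.unpack_from("<III", files["psids"], i)
            store.index[psid] = (off, ln)
        return store
```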

    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 07:00:31 PDT