From: Eric Paris <eparis@redhat.com>
To: casey@schaufler-ca.com
Cc: steved@redhat.com, trond.myklebust@fys.uio.no,
nfs@lists.sourceforge.net, selinux@tycho.nsa.gov,
sds@tycho.nsa.gov
Subject: Re: [PATCH] 1/2 SELinux: Add get, set, and cloning of superblock security information
Date: Thu, 06 Sep 2007 12:34:11 -0400 [thread overview]
Message-ID: <1189096451.3418.14.camel@localhost.localdomain> (raw)
In-Reply-To: <214071.34429.qm@web36612.mail.mud.yahoo.com>
On Thu, 2007-09-06 at 09:28 -0700, Casey Schaufler wrote:
> --- Eric Paris <eparis@redhat.com> wrote:
>
> > On Thu, 2007-09-06 at 08:59 -0700, Casey Schaufler wrote:
> > > --- Eric Paris <eparis@redhat.com> wrote:
> > >
> > > > Adds security_get_sb_mnt_opts, security_set_sb_mnt_opts, and
> > > > security_clont_sb_mnt_opts to the LSM and to SELinux. This is in
> > > > preparation for NFS to be able to own its own mount options and remove
> > > > the NFS specific code from SELinux.
> > >
> > > What is the purpose of security_clone_sb_mnt_opts? I see where it is
> > > being used, but it's not clear to me why it is necessary. The old SELinux
> > > code doesn't clone the options, it filters out the ones it cares about.
> > > If that is the behavior you'd expect of this hook, I suggest the name
> > > reflect that, perhaps security_filter_sb_mnt_opts.
> >
> > I'm not sure what you mean by filter and I don't know which code you are
> > referring to.
> >
> > At the moment the only user of clone is nfs nohide mounts. Given an
> > exports list like
> >
> > /export *()
> > /export/nohide *(nohide)
> >
> > where /export/nohide actually crosses a filesystem boundry the nfs
> > client will quietly mount the new export on your machine as soon as you
> > enter that directory. Assuming the user originally mounted /export with
> > some security options when nfs mounts this new export there needs to be
> > some way to propogate those security options forward to this new mount.
> > So the one usage of clone simply takes the security options from the
> > superblock related to /export and applies those to the new security
> > block related to /export/nohide
>
> That is perfectly sensible. Is the intent to clone all the mount options
> or just the security mount options? Inquiring LSM writers want to know.
I'd have to say the security ones. It is NFS's problem to make sure
that the options they understand are being handled correctly and I think
it is the security layers problem to make sure the options they
understand are being cloned. (I tried to make these pretty generic and
extensible for other LSM writers, especially get/set if anyone else
someday makes use of mount options....)
-Eric
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
WARNING: multiple messages have this Message-ID (diff)
From: Eric Paris <eparis@redhat.com>
To: casey@schaufler-ca.com
Cc: selinux@tycho.nsa.gov, nfs@lists.sourceforge.net,
sds@tycho.nsa.gov, jmorris@namei.org, steved@redhat.com,
trond.myklebust@fys.uio.no
Subject: Re: [PATCH] 1/2 SELinux: Add get, set, and cloning of superblock security information
Date: Thu, 06 Sep 2007 12:34:11 -0400 [thread overview]
Message-ID: <1189096451.3418.14.camel@localhost.localdomain> (raw)
In-Reply-To: <214071.34429.qm@web36612.mail.mud.yahoo.com>
On Thu, 2007-09-06 at 09:28 -0700, Casey Schaufler wrote:
> --- Eric Paris <eparis@redhat.com> wrote:
>
> > On Thu, 2007-09-06 at 08:59 -0700, Casey Schaufler wrote:
> > > --- Eric Paris <eparis@redhat.com> wrote:
> > >
> > > > Adds security_get_sb_mnt_opts, security_set_sb_mnt_opts, and
> > > > security_clont_sb_mnt_opts to the LSM and to SELinux. This is in
> > > > preparation for NFS to be able to own its own mount options and remove
> > > > the NFS specific code from SELinux.
> > >
> > > What is the purpose of security_clone_sb_mnt_opts? I see where it is
> > > being used, but it's not clear to me why it is necessary. The old SELinux
> > > code doesn't clone the options, it filters out the ones it cares about.
> > > If that is the behavior you'd expect of this hook, I suggest the name
> > > reflect that, perhaps security_filter_sb_mnt_opts.
> >
> > I'm not sure what you mean by filter and I don't know which code you are
> > referring to.
> >
> > At the moment the only user of clone is nfs nohide mounts. Given an
> > exports list like
> >
> > /export *()
> > /export/nohide *(nohide)
> >
> > where /export/nohide actually crosses a filesystem boundry the nfs
> > client will quietly mount the new export on your machine as soon as you
> > enter that directory. Assuming the user originally mounted /export with
> > some security options when nfs mounts this new export there needs to be
> > some way to propogate those security options forward to this new mount.
> > So the one usage of clone simply takes the security options from the
> > superblock related to /export and applies those to the new security
> > block related to /export/nohide
>
> That is perfectly sensible. Is the intent to clone all the mount options
> or just the security mount options? Inquiring LSM writers want to know.
I'd have to say the security ones. It is NFS's problem to make sure
that the options they understand are being handled correctly and I think
it is the security layers problem to make sure the options they
understand are being cloned. (I tried to make these pretty generic and
extensible for other LSM writers, especially get/set if anyone else
someday makes use of mount options....)
-Eric
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2007-09-06 16:34 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-09-05 22:16 [PATCH] 1/2 SELinux: Add get, set, and cloning of superblock security information Eric Paris
2007-09-05 22:16 ` Eric Paris
[not found] ` <1189030563.3460.41.camel-8EcGF3LoIEk5T7vyJU6V4x/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2007-09-06 15:59 ` Casey Schaufler
2007-09-06 15:59 ` Casey Schaufler
2007-09-06 16:15 ` Eric Paris
2007-09-06 16:15 ` Eric Paris
[not found] ` <1189095312.3418.9.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2007-09-06 16:28 ` Casey Schaufler
2007-09-06 16:28 ` Casey Schaufler
2007-09-06 16:34 ` Eric Paris [this message]
2007-09-06 16:34 ` Eric Paris
2007-09-06 18:33 ` Stephen Smalley
2007-09-06 18:33 ` Stephen Smalley
2007-09-06 19:21 ` Eric Paris
2007-09-06 19:21 ` Eric Paris
2007-09-06 19:59 ` Stephen Smalley
2007-09-06 19:59 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1189096451.3418.14.camel@localhost.localdomain \
--to=eparis@redhat.com \
--cc=casey@schaufler-ca.com \
--cc=nfs@lists.sourceforge.net \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=steved@redhat.com \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.