* [PATCH] (2/3) SELinux context mount support - NFS
From: James Morris @ 2004-02-04 15:31 UTC
To: Andrew Morton, Alexander Viro
Cc: Stephen Smalley, linux-kernel, selinux, Chris Wright,
trond.myklebust
This patch modifies the kernel's NFS mount data structure to include
SELinux context mount data. It allows NFS filesystems to be labeled on a
per-mountpoint basis, and should not affect existing versions of
userspace mount.
(A patch to the userspace mount code is available at
http://people.redhat.com/jmorris/selinux/context_mounts/)
include/linux/nfs_mount.h | 4 +++-
1 files changed, 3 insertions(+), 1 deletion(-)
diff -urN -X dontdiff linux-2.6.2.p/include/linux/nfs_mount.h linux-2.6.2.w/include/linux/nfs_mount.h
--- linux-2.6.2.p/include/linux/nfs_mount.h 2003-09-27 20:50:06.000000000 -0400
+++ linux-2.6.2.w/include/linux/nfs_mount.h 2004-02-04 09:08:10.306809336 -0500
@@ -20,7 +20,8 @@
* mount-to-kernel version compatibility. Some of these aren't used yet
* but here they are anyway.
*/
-#define NFS_MOUNT_VERSION 5
+#define NFS_MOUNT_VERSION 6
+#define NFS_MAX_CONTEXT_LEN 256
struct nfs_mount_data {
int version; /* 1 */
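Review bot: NFS_MAX_CONTEXT_LEN, added next to the version bump, has no comment saying what the 256 counts. The second hunk sizes the array as NFS_MAX_CONTEXT_LEN + 1, so the limit evidently excludes the terminating NUL; a one-line comment saying so, and noting that the value is part of the mount-to-kernel interface this header describes, would keep userspace mount and the kernel from disagreeing by one byte.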
@@ -41,6 +42,7 @@
unsigned int bsize; /* 3 */
struct nfs3_fh root; /* 4 */
int pseudoflavor; /* 5 */
+ char context[NFS_MAX_CONTEXT_LEN + 1]; /* 6 */
};
/* bits in the flags field */
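Review bot: the new context field at the end of struct nfs_mount_data is a fixed-size buffer filled in by userspace mount, and nothing in this patch shows it being validated before use. The code that consumes it should read context only when version is 6 or higher, since older mount binaries pass the shorter version 5 layout, and should not assume the string is terminated: either reject data with no NUL within the NFS_MAX_CONTEXT_LEN + 1 bytes or force context[NFS_MAX_CONTEXT_LEN] to '\0' before it is parsed as a security context. If that check lives in another patch of the series, a pointer to it in the description would help.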
* Re: [PATCH] (2/3) SELinux context mount support - NFS
From: Christoph Hellwig @ 2004-02-04 15:46 UTC
To: James Morris
Cc: Andrew Morton, Alexander Viro, Stephen Smalley, linux-kernel,
selinux, Chris Wright, trond.myklebust
On Wed, Feb 04, 2004 at 10:31:51AM -0500, James Morris wrote:
> This patch modifies the kernel's NFS mount data structure to include
> SELinux context mount data. It allows NFS filesystems to be labeled on a
> per-mountpoint basis, and should not affect existing versions of
> userspace mount.
Wouldn't it be better to integrate the NFS xattr code that SGI released under
the GPL (it's IRIX, not Linux code unfortunately)?
* Re: [PATCH] (2/3) SELinux context mount support - NFS
From: Stephen Smalley @ 2004-02-04 15:56 UTC
To: Christoph Hellwig
Cc: James Morris, Andrew Morton, Alexander Viro, lkml, selinux,
Chris Wright, trond.myklebust
On Wed, 2004-02-04 at 10:46, Christoph Hellwig wrote:
> On Wed, Feb 04, 2004 at 10:31:51AM -0500, James Morris wrote:
> > This patch modifies the kernel's NFS mount data structure to include
> > SELinux context mount data. It allows NFS filesystems to be labeled on a
> > per-mountpoint basis, and should not affect existing versions of
> > userspace mount.
>
> Wouldn't it be better to integrate the NFS xattr code that SGI released under
> the GPL (it's IRIX, not Linux code unfortunately)?
That won't help with the case where the NFS server doesn't support the
protocol extensions for xattr or where the NFS client doesn't want to
trust contexts provided by the server. There is work in progress to add
support for passing process and file contexts on NFS requests/replies,
but that won't eliminate the need for this functionality for unmodified
or untrusted NFS servers.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency