* [PATCH] (2/3) SELinux context mount support - NFS
From: James Morris @ 2004-02-04 15:31 UTC
To: Andrew Morton, Alexander Viro
Cc: Stephen Smalley, linux-kernel, selinux, Chris Wright, trond.myklebust

This patch modifies the kernel's NFS mount data structure to include SELinux context mount data. It allows NFS filesystems to be labeled on a per-mountpoint basis, and should not affect existing versions of userspace mount.

(A patch to the userspace mount code is available at http://people.redhat.com/jmorris/selinux/context_mounts/)

include/linux/nfs_mount.h | 4 +++- 1 files changed, 3 insertions(+), 1 deletion(-) diff -urN -X dontdiff linux-2.6.2.p/include/linux/nfs_mount.h linux-2.6.2.w/include/linux/nfs_mount.h --- linux-2.6.2.p/include/linux/nfs_mount.h 2003-09-27 20:50:06.000000000 -0400 +++ linux-2.6.2.w/include/linux/nfs_mount.h 2004-02-04 09:08:10.306809336 -0500 @@ -20,7 +20,8 @@ * mount-to-kernel version compatibility. Some of these aren't used yet * but here they are anyway. */ -#define NFS_MOUNT_VERSION 5 +#define NFS_MOUNT_VERSION 6 +#define NFS_MAX_CONTEXT_LEN 256 struct nfs_mount_data { int version; /* 1 */ @@ -41,6 +42,7 @@ unsigned int bsize; /* 3 */ struct nfs3_fh root; /* 4 */ int pseudoflavor; /* 5 */ + char context[NFS_MAX_CONTEXT_LEN + 1]; /* 6 */ }; /* bits in the flags field */
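
Review bot: `NFS_MAX_CONTEXT_LEN` in the first hunk (`@@ -20,7 +20,8 @@`) is defined with no comment saying whether 256 counts the terminating NUL. The array in the second hunk is sized `NFS_MAX_CONTEXT_LEN + 1`, so the constant is evidently the maximum string length without the terminator; a one-line comment beside the `#define` stating that would keep userspace and kernel callers from each assuming a different convention and being off by one.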
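
Review bot: the `context` field added at the end of `struct nfs_mount_data` in the second hunk (`@@ -41,6 +42,7 @@`) is a fixed-size buffer filled in by userspace, and nothing visible here says who guarantees it is NUL-terminated or when it is valid. The field is tagged `/* 6 */`, so the code that consumes it should read it only when `version >= 6`, since a mount binary passing a version 5 structure supplies no bytes for it, and should bound the string itself (for example by forcing `context[NFS_MAX_CONTEXT_LEN] = '\0'` before use) rather than trusting the caller. Because the bytes end up as a security label, it would help to note in a comment next to the field that the contents are untrusted until validated.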

* Re: [PATCH] (2/3) SELinux context mount support - NFS
From: Christoph Hellwig @ 2004-02-04 15:46 UTC
To: James Morris
Cc: Andrew Morton, Alexander Viro, Stephen Smalley, linux-kernel, selinux, Chris Wright, trond.myklebust

On Wed, Feb 04, 2004 at 10:31:51AM -0500, James Morris wrote:
> This patch modifies the kernel's NFS mount data structure to include
> SELinux context mount data. It allows NFS filesystems to be labeled on a
> per-mountpoint basis, and should not affect existing versions of
> userspace mount.

Wouldn't it be better to integrate the NFS xattr code that SGI released under
the GPL (it's IRIX, not linux code unfortunately)?

* Re: [PATCH] (2/3) SELinux context mount support - NFS
From: Stephen Smalley @ 2004-02-04 15:56 UTC
To: Christoph Hellwig
Cc: James Morris, Andrew Morton, Alexander Viro, lkml, selinux, Chris Wright, trond.myklebust

On Wed, 2004-02-04 at 10:46, Christoph Hellwig wrote:
> On Wed, Feb 04, 2004 at 10:31:51AM -0500, James Morris wrote:
> > This patch modifies the kernel's NFS mount data structure to include
> > SELinux context mount data. It allows NFS filesystems to be labeled on a
> > per-mountpoint basis, and should not affect existing versions of
> > userspace mount.
>
> Wouldn't it be better to integrate the NFS xattr code that SGI released under
> the GPL (it's IRIX, not linux code unfortunately)?

That won't help with the case where the NFS server doesn't support the
protocol extensions for xattr or where the NFS client doesn't want to
trust contexts provided by the server. There is work in progress to add
support for passing process and file contexts on NFS requests/replies,
but that won't eliminate the need for this functionality for unmodified
or untrusted NFS servers.

--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency