Labeled NFS Meeting Info for Tonight Dec 20/Dec 21st for our friends in Singapore

Labeled NFS Meeting Info for Tonight Dec 20/Dec 21st for our friends in Singapore

[David Quigley]

Hello Everyone,

The meeting info and agenda is listed below. I will try to have the 
google+ hangout posted and running a half an hour before the meeting so 
people can join. just add me to a circle and I will add you to my LNFS 
Meeting circle and send out the invite. You can add me earlier in the 
day if you like I should be able to add people whenever.


Time: Thursday Dec 20th 10:00pm-12:00pm (The latest) Eastern
			8:00pm-10:00pm Central
			7:00pm-9:00pm Pacific
       Friday Dec 21st 11:00am-1:00pm Singapore

Where: Google+ Hangout Hosted by +SELinux or +Dave Quigley (If you see 
a blue 350z you have the right dave quigley).




Proposed Agenda
-------------------------

+ Discuss merge windows and which one we'd like to target

Do we want to shoot for 3.9 or will we attempt to implement the 
remaining features and go for 3.10

+ Discuss current feedback from Bruce Fields

Patch 1/13: Cleanup comment for dentry_init_security
Patch 2/13: Cleanup comment to reflect that xattrs aren't being used in 
the protocol.
Patch 5/13: Add warning that the functionality is highly experimental 
and still volatile.
Patch 7/13: Concern about nfs4_label_alloc doing higher order 
allocations (more than 4096).
Patch 10/13: Investigate removing ifdefs from server code and making 
sure that nfs_server_capable and other functions handle it being 
configured off.
Patch 13/13: Similar comments about removing ifdefs if possible and 
hiding it away in other areas. Find out why security_inode_setsecctx may 
fail and see if it can in its usecase here. Remove BUGONs and cleanup 
whitespace.


+ Discuss current feedback from Trond Myklebust

Trond commented about changing the definition of encode_getfattr. He 
would rather instead of modifying getfattr we mimic 
encode/decode_fsinfo. We should look at that and determine what to do.

+ Discuss implementing remaining features from NFSv4.2 specification

Attribute change notification
RPCSECGSSv3?

+ Discuss viability of future every other week meetings

Re: Labeled NFS Meeting Info for Tonight Dec 20/Dec 21st for our friends in Singapore

[Casey Schaufler]

On 12/20/2012 12:41 PM, David Quigley wrote:
> Hello Everyone,
>
> The meeting info and agenda is listed below. I will try to have the
> google+ hangout posted and running a half an hour before the meeting
> so people can join. just add me to a circle and I will add you to my
> LNFS Meeting circle and send out the invite. You can add me earlier in
> the day if you like I should be able to add people whenever.
>
>
> Time: Thursday Dec 20th 10:00pm-12:00pm (The latest) Eastern
>             8:00pm-10:00pm Central
>             7:00pm-9:00pm Pacific
>       Friday Dec 21st 11:00am-1:00pm Singapore
>
> Where: Google+ Hangout Hosted by +SELinux or +Dave Quigley (If you see
> a blue 350z you have the right dave quigley).
>
>
>
>
> Proposed Agenda
> -------------------------
>
> + Discuss merge windows and which one we'd like to target
>
> Do we want to shoot for 3.9 or will we attempt to implement the
> remaining features and go for 3.10
>
> + Discuss current feedback from Bruce Fields
>
> Patch 1/13: Cleanup comment for dentry_init_security
> Patch 2/13: Cleanup comment to reflect that xattrs aren't being used
> in the protocol.
> Patch 5/13: Add warning that the functionality is highly experimental
> and still volatile.
> Patch 7/13: Concern about nfs4_label_alloc doing higher order
> allocations (more than 4096).
> Patch 10/13: Investigate removing ifdefs from server code and making
> sure that nfs_server_capable and other functions handle it being
> configured off.
> Patch 13/13: Similar comments about removing ifdefs if possible and
> hiding it away in other areas. Find out why security_inode_setsecctx
> may fail and see if it can in its usecase here. Remove BUGONs and
> cleanup whitespace.
>
>
> + Discuss current feedback from Trond Myklebust
>
> Trond commented about changing the definition of encode_getfattr. He
> would rather instead of modifying getfattr we mimic
> encode/decode_fsinfo. We should look at that and determine what to do.
>
> + Discuss implementing remaining features from NFSv4.2 specification
>
> Attribute change notification
> RPCSECGSSv3?
>
> + Discuss viability of future every other week meetings
>
I can't make to meeting today. I am still trying to track down why it's
not working with Smack. It is not sufficient to add CAP_MAC_ADMIN to
nfsd. The missing capability is CAP_MAC_OVERRIDE, according to the audit
trail. I would like to see Smack support as a goal, even if for a future
release.

Thank you.

Re: Labeled NFS Meeting Info for Tonight Dec 20/Dec 21st for our friends in Singapore

[Steve Dickson]

I can seem to find the hangout...

steved.

On 20/12/12 15:41, David Quigley wrote:
> Hello Everyone,
> 
> The meeting info and agenda is listed below. I will try to have the google+ hangout posted and running a half an hour before the meeting so people can join. just add me to a circle and I will add you to my LNFS Meeting circle and send out the invite. You can add me earlier in the day if you like I should be able to add people whenever.
> 
> 
> Time: Thursday Dec 20th 10:00pm-12:00pm (The latest) Eastern
>             8:00pm-10:00pm Central
>             7:00pm-9:00pm Pacific
>       Friday Dec 21st 11:00am-1:00pm Singapore
> 
> Where: Google+ Hangout Hosted by +SELinux or +Dave Quigley (If you see a blue 350z you have the right dave quigley).
> 
> 
> 
> 
> Proposed Agenda
> -------------------------
> 
> + Discuss merge windows and which one we'd like to target
> 
> Do we want to shoot for 3.9 or will we attempt to implement the remaining features and go for 3.10
> 
> + Discuss current feedback from Bruce Fields
> 
> Patch 1/13: Cleanup comment for dentry_init_security
> Patch 2/13: Cleanup comment to reflect that xattrs aren't being used in the protocol.
> Patch 5/13: Add warning that the functionality is highly experimental and still volatile.
> Patch 7/13: Concern about nfs4_label_alloc doing higher order allocations (more than 4096).
> Patch 10/13: Investigate removing ifdefs from server code and making sure that nfs_server_capable and other functions handle it being configured off.
> Patch 13/13: Similar comments about removing ifdefs if possible and hiding it away in other areas. Find out why security_inode_setsecctx may fail and see if it can in its usecase here. Remove BUGONs and cleanup whitespace.
> 
> 
> + Discuss current feedback from Trond Myklebust
> 
> Trond commented about changing the definition of encode_getfattr. He would rather instead of modifying getfattr we mimic encode/decode_fsinfo. We should look at that and determine what to do.
> 
> + Discuss implementing remaining features from NFSv4.2 specification
> 
> Attribute change notification
> RPCSECGSSv3?
> 
> + Discuss viability of future every other week meetings

Re: Labeled NFS Meeting Info for Tonight Dec 20/Dec 21st for our friends in Singapore

[Dave Quigley]

The notes below summarize what we decided during out last meeting. It 
also has our next meeting date. There are some more issues that need to 
be fixes


Shooting for merge window 3.9.

List of things to do:

Add warning fixup patch into tree (Dave Q)
Patch to cleanup comment for dentry_init_security (Dave Q)
Patch to cleanup comment to reflect that xattrs aren’t being used in the 
protocol (ismaclabel lsm hook) (Dave Q)

Patch to remove export option (SteveD)
Patch to fix ifdefs in client (SteveD)
Patch to fix ifdefs in server (SteveD)
Patch to remove bugons (Dave)

Rodel:

Work on making our attribute encoding/decoding work more like 
encode/decode_fsinfo. This means removing the extend fattr to use 3rd 
word patch and instead placing the information inside an op specific struct.
Work on Attribute change notification:
Smaller patches if possible (client, server, support, etc...)

Leaving RPCSECGSSv3 for now.

January 10th next Meeting.

Dave

Re: Labeled NFS Meeting Info for Tonight Dec 20/Dec 21st for our friends in Singapore

[Dave Quigley]

The notes below summarize what we decided during out last meeting. It 
also has our next meeting date. There are some more issues that need to 
be fixes


Shooting for merge window 3.9.

List of things to do:

Add warning fixup patch into tree (Dave Q)
Patch to cleanup comment for dentry_init_security (Dave Q)
Patch to cleanup comment to reflect that xattrs aren’t being used in the 
protocol (ismaclabel lsm hook) (Dave Q)

Patch to remove export option (SteveD)
Patch to fix ifdefs in client (SteveD)
Patch to fix ifdefs in server (SteveD)
Patch to remove bugons (Dave)

Rodel:

Work on making our attribute encoding/decoding work more like 
encode/decode_fsinfo. This means removing the extend fattr to use 3rd 
word patch and instead placing the information inside an op specific struct.
Work on Attribute change notification:
Smaller patches if possible (client, server, support, etc...)

Leaving RPCSECGSSv3 for now.

January 10th next Meeting.

Dave

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Labeled NFS Meeting Info for Tonight Dec 20/Dec 21st for our friends in Singapore

[Rodel Miguel]

On Tue, Dec 25, 2012 at 12:39 PM, Dave Quigley <dpquigl@davequigley.com> wrote:
> The notes below summarize what we decided during out last meeting. It also
> has our next meeting date. There are some more issues that need to be fixes
>
>
> Shooting for merge window 3.9.
>
> List of things to do:
>
> Add warning fixup patch into tree (Dave Q)
> Patch to cleanup comment for dentry_init_security (Dave Q)
> Patch to cleanup comment to reflect that xattrs aren’t being used in the
> protocol (ismaclabel lsm hook) (Dave Q)
>
> Patch to remove export option (SteveD)
> Patch to fix ifdefs in client (SteveD)
> Patch to fix ifdefs in server (SteveD)
> Patch to remove bugons (Dave)
>
> Rodel:
>
> Work on making our attribute encoding/decoding work more like
> encode/decode_fsinfo. This means removing the extend fattr to use 3rd word
> patch and instead placing the information inside an op specific struct.
> Work on Attribute change notification:
> Smaller patches if possible (client, server, support, etc...)
>
> Leaving RPCSECGSSv3 for now.
>
> January 10th next Meeting.
>
> Dave
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Hi,

I would like to make sure that I understand Trond's feedback on the
current LNFS implementation.

1. Do we need to remove the "decode_attr_security_label" function from
"decode_getfattr_attrs" and have our own operation to exchange
security labels instead of piggy-backing labeled NFS request on
setting/getting file attributes?
2. Do we need to remove the FATTR4_WORD2_SECURITY_LABEL from the
nfs4_fattr_bitmap and exchange this information separately on a new
function, say decode/encode_security_label?

Please comment if this is in-line with everyone's line of thought
regarding the suggested change: "Work on making our attribute
encoding/decoding work more like encode/decode_fsinfo. This means
removing the extend fattr to use 3rd word patch and instead placing
the information inside an op specific struct."

Thank you very much!

Kind Regards,
Rodel