From: James Morris <jmorris@namei.org>
To: Eric Paris <eparis@redhat.com>
Cc: linux-nfs@vger.kernel.org, selinux@tycho.nsa.gov,
linux-security-module@vger.kernel.org, steved@redhat.com,
jlayton@redhat.com, sds@tycho.nsa.gov, chuck.lever@oracle.com,
akpm@linux-foundation.org
Subject: Re: [PATCH] NFS/LSM: Make NFSv4 set LSM mount options
Date: Fri, 18 Apr 2008 09:12:24 +1000 (EST) [thread overview]
Message-ID: <Xine.LNX.4.64.0804180911570.23675@us.intercode.com.au> (raw)
In-Reply-To: <1208441091.2985.8.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
On Thu, 17 Apr 2008, Eric Paris wrote:
> NFSv3 get_sb operations call into the LSM layer to set security options
> passed from userspace. NFSv4 hooks were not originally added since it
> was reasonably late in the merge window and NFSv3 was the only thing
> that had regressed (v4 has never supported any LSM options)
>
> This patch makes NFSv4 call into the LSM to set security options rather
> than just blindly dropping them with no notice to the user as happens
> today. This patch was tested in a simple NFSv4 environment with the
> context= option and appeared to work as expected.
>
> Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
--
James Morris
<jmorris@namei.org>
WARNING: multiple messages have this Message-ID (diff)
From: James Morris <jmorris@namei.org>
To: Eric Paris <eparis@redhat.com>
Cc: linux-nfs@vger.kernel.org, selinux@tycho.nsa.gov,
linux-security-module@vger.kernel.org, steved@redhat.com,
jlayton@redhat.com, sds@tycho.nsa.gov, chuck.lever@oracle.com,
akpm@linux-foundation.org
Subject: Re: [PATCH] NFS/LSM: Make NFSv4 set LSM mount options
Date: Fri, 18 Apr 2008 09:12:24 +1000 (EST) [thread overview]
Message-ID: <Xine.LNX.4.64.0804180911570.23675@us.intercode.com.au> (raw)
In-Reply-To: <1208441091.2985.8.camel@localhost.localdomain>
On Thu, 17 Apr 2008, Eric Paris wrote:
> NFSv3 get_sb operations call into the LSM layer to set security options
> passed from userspace. NFSv4 hooks were not originally added since it
> was reasonably late in the merge window and NFSv3 was the only thing
> that had regressed (v4 has never supported any LSM options)
>
> This patch makes NFSv4 call into the LSM to set security options rather
> than just blindly dropping them with no notice to the user as happens
> today. This patch was tested in a simple NFSv4 environment with the
> context= option and appeared to work as expected.
>
> Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
--
James Morris
<jmorris@namei.org>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2008-04-17 23:13 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-05 19:20 [PATCH 2/2-v2] NFS: use new LSM interfaces to explicitly set mount options Eric Paris
2008-03-05 19:20 ` Eric Paris
2008-03-05 19:20 ` Eric Paris
2008-03-05 19:34 ` Trond Myklebust
2008-03-05 22:12 ` James Morris
2008-03-05 22:12 ` James Morris
[not found] ` <1204744818.3216.254.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-04-17 14:04 ` [PATCH] NFS/LSM: Make NFSv4 set LSM " Eric Paris
2008-04-17 14:04 ` Eric Paris
[not found] ` <1208441091.2985.8.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-04-17 23:12 ` James Morris [this message]
2008-04-17 23:12 ` James Morris
[not found] ` <Xine.LNX.4.64.0804180911570.23675-RC8Ws/H8zzudju81dFSl6rpzq4S04n8Q@public.gmane.org>
2008-04-30 16:47 ` Eric Paris
2008-04-30 16:47 ` Eric Paris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Xine.LNX.4.64.0804180911570.23675@us.intercode.com.au \
--to=jmorris@namei.org \
--cc=akpm@linux-foundation.org \
--cc=chuck.lever@oracle.com \
--cc=eparis@redhat.com \
--cc=jlayton@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=steved@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.