From: Trond Myklebust <trond.myklebust@fys.uio.no>
To: casey@schaufler-ca.com
Cc: Christoph Hellwig <hch@infradead.org>,
Dave Quigley <dpquigl@tycho.nsa.gov>,
Stephen Smalley <sds@tycho.nsa.gov>,
viro@ftp.linux.org.uk, bfields@fieldses.org,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
LSM List <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name
Date: Fri, 29 Feb 2008 16:09:06 -0800 [thread overview]
Message-ID: <1204330146.8237.24.camel@heimdal.trondhjem.org> (raw)
In-Reply-To: <951672.28092.qm@web36608.mail.mud.yahoo.com>
On Fri, 2008-02-29 at 13:07 -0800, Casey Schaufler wrote:
> --- Trond Myklebust <trond.myklebust@fys.uio.no> wrote:
>
> > On Fri, 2008-02-29 at 10:52 -0800, Casey Schaufler wrote:
> > > So it sounds as if for an xattr protocol to be viable it would first
> > > require that xattr semantics be generally accepted (POSIX definition
> > > would suffice), that there be multiple implementations (Linux and Irix
> > > could suffice should Irix still be around when POSIX is done), and
> > > that there be a perceived need beyond that of the Lunitic Fringe
> > > Security Community.
> >
> > The problem isn't that of supporting the naive user xattr model: we can
> > almost do that within the existing 'named attribute' model of NFSv4. The
> > problem is that of supporting the arbitrary "security metadata" that are
> > allowed to have side-effects on the system behaviour, and that we appear
> > to have thought was a good idea to overload onto the xattr interface.
>
> Hum. Security metadata was one of the justifications for the
> original implementation of the xattr interface for XFS at SGI.
> The implementation was intended to be generic and allow for
> storage of data that impacts system behavior. No, it is not
> overloading at all, it is really supposed to be used that way.
> That's how it works on CXFS, which I know is still proprietary,
> but which could become an open peer of NFS someday.
Historical accidents change nothing to my argument. I still don't like
to be confusing user xattrs (which is a _storage_ issue) and the
security metadata (part of a _control_ protocol).
Nor do I see a compelling need to repeat any design mistakes that CXFS
might have made in this area...
> Yes, I can see that having a specific interface reduces the
> documentation required, and simplifies it as well. Unfortunately,
> given the way that a secctx is defined for either SELinux or
> Smack, and the fact that the relationships between secctx values
> are defined independently on the server and client* it does not
> appear that the interoperability issue has been addressed, or
> even really acknowleged with the proposed scheme. Yes, the issue
> of label translation has been acknowleged, but it appears to me
> that a day one solution is required for the scheme to be useful.
What would your expectation be for a SMACK-based client, if it mounts
from a server that turns out to be running with an SELinux security
model, or vice versa?
Trond
next prev parent reply other threads:[~2008-03-01 0:09 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-27 22:11 RFC Labeled NFS Initial Code Review David P. Quigley
2008-02-27 22:11 ` [PATCH 01/11] Security: Add hook to get full maclabel xattr name David P. Quigley
2008-02-27 23:42 ` Casey Schaufler
2008-02-28 0:12 ` Dave Quigley
2008-02-28 1:07 ` Casey Schaufler
2008-02-28 13:43 ` Stephen Smalley
2008-02-28 19:23 ` Casey Schaufler
2008-02-28 19:30 ` Stephen Smalley
2008-02-28 19:59 ` Casey Schaufler
2008-02-28 23:48 ` Christoph Hellwig
2008-02-29 0:04 ` Dave Quigley
2008-02-29 0:39 ` Christoph Hellwig
2008-02-29 0:32 ` Dave Quigley
2008-02-29 1:00 ` Christoph Hellwig
2008-02-29 0:42 ` Dave Quigley
2008-02-29 2:07 ` Casey Schaufler
2008-02-29 1:48 ` Dave Quigley
2008-02-29 13:30 ` Stephen Smalley
2008-02-29 14:45 ` Stephen Smalley
2008-02-29 1:47 ` Casey Schaufler
2008-02-29 1:33 ` Dave Quigley
2008-02-29 2:15 ` James Morris
2008-02-29 0:50 ` Trond Myklebust
2008-02-29 0:51 ` Christoph Hellwig
2008-02-29 1:00 ` Trond Myklebust
2008-02-29 1:55 ` Casey Schaufler
2008-02-29 5:04 ` Trond Myklebust
2008-02-29 17:46 ` Casey Schaufler
2008-02-29 18:28 ` Trond Myklebust
2008-02-29 18:52 ` Casey Schaufler
2008-02-29 19:50 ` Trond Myklebust
2008-02-29 21:07 ` Casey Schaufler
2008-02-29 21:00 ` Dave Quigley
2008-02-29 22:27 ` Casey Schaufler
2008-02-29 22:15 ` Dave Quigley
2008-02-29 22:58 ` Casey Schaufler
2008-03-01 0:09 ` Trond Myklebust [this message]
2008-03-01 0:41 ` Casey Schaufler
2008-02-29 1:26 ` Casey Schaufler
2008-02-29 5:01 ` Trond Myklebust
2008-02-29 17:26 ` Casey Schaufler
2008-02-29 1:04 ` Casey Schaufler
2008-02-29 0:52 ` Dave Quigley
2008-02-29 2:29 ` Casey Schaufler
2008-02-29 2:09 ` Dave Quigley
2008-02-29 1:15 ` James Morris
2008-02-29 13:31 ` Stephen Smalley
2008-02-29 17:52 ` Casey Schaufler
2008-02-29 21:50 ` Dave Quigley
2008-02-27 22:11 ` [PATCH 02/11] Security: Add hook to calculate context based on a negative dentry David P. Quigley
2008-02-27 22:11 ` [PATCH 03/11] VFS: Add security label support to *notify David P. Quigley
2008-02-28 1:20 ` James Morris
2008-02-28 16:07 ` Dave Quigley
2008-02-28 23:54 ` Christoph Hellwig
2008-02-28 23:44 ` Dave Quigley
2008-02-29 0:23 ` Christoph Hellwig
2008-02-29 0:06 ` Dave Quigley
2008-02-29 1:52 ` Dave Quigley
2008-02-29 20:19 ` Dave Quigley
2008-02-27 22:11 ` [PATCH 04/11] KConfig: Add KConfig entries for SELinux labeled NFS David P. Quigley
2008-02-27 22:11 ` [PATCH 05/11] NFSv4: Add label recommended attribute and NFSv4 flags David P. Quigley
2008-02-28 1:52 ` James Morris
2008-02-28 1:45 ` Dave Quigley
2008-02-28 13:55 ` Stephen Smalley
2008-02-27 22:11 ` [PATCH 06/11] SELinux: Add new labeling type native labels David P. Quigley
2008-02-27 22:11 ` [PATCH 07/11] NFS/SELinux: Add security_label text mount option to nfs and add handling code to the security server David P. Quigley
2008-02-28 14:22 ` Eric Paris
2008-02-27 22:11 ` [PATCH 08/11] NFS: Introduce lifecycle management for label attribute David P. Quigley
2008-02-28 4:13 ` James Morris
2008-02-28 16:24 ` Dave Quigley
2008-02-28 16:46 ` Dave Quigley
2008-02-27 22:11 ` [PATCH 09/11] NFS: Client implementation of Labeled-NFS David P. Quigley
2008-02-27 22:11 ` [PATCH 10/11] NFS: Extend nfs xattr handlers to accept the security namespace David P. Quigley
2008-02-27 22:11 ` [PATCH 11/11] NFSD: Server implementation of MAC Labeling David P. Quigley
2008-02-28 1:46 ` James Morris
2008-02-28 0:48 ` RFC Labeled NFS Initial Code Review Dave Quigley
2008-02-28 1:23 ` Dave Quigley
-- strict thread matches above, loose matches on Subject: below --
2008-02-27 20:39 David P. Quigley
2008-02-27 20:39 ` [PATCH 01/11] Security: Add hook to get full maclabel xattr name David P. Quigley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1204330146.8237.24.camel@heimdal.trondhjem.org \
--to=trond.myklebust@fys.uio.no \
--cc=bfields@fieldses.org \
--cc=casey@schaufler-ca.com \
--cc=dpquigl@tycho.nsa.gov \
--cc=hch@infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=viro@ftp.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).