From: James Morris <jmorris@namei.org>
To: Dave Quigley <dpquigl@tycho.nsa.gov>
Cc: Christoph Hellwig <hch@infradead.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
casey@schaufler-ca.com, viro@ftp.linux.org.uk,
trond.myklebust@fys.uio.no, bfields@fieldses.org,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
LSM List <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name
Date: Fri, 29 Feb 2008 12:15:05 +1100 (EST) [thread overview]
Message-ID: <Xine.LNX.4.64.0802291155160.28680@us.intercode.com.au> (raw)
In-Reply-To: <1204243497.2715.24.camel@moss-terrapins.epoch.ncsc.mil>
On Thu, 28 Feb 2008, Dave Quigley wrote:
> There are several things here. I've spoken to several people about this
> and the belief I've gotten from most of them is that a recommended
> attribute is how this is to be transported. The NFSv4 spec people will
> probably say that if you want xattr like functionality for NFSv4 use
> named attributes.
NAs are a non-starter here for a couple of reasons.
1. They are specified as being user managed and opaque to NFS. MAC
labels are typically set by the OS, and may only be set by the user when
permitted by MAC policy. The labels need to be interpreted by the OS to
allow MAC policy to be enforced.
2. The NA namespace is arbitrary and opaque to the OS. There's no scope
in NFSv4 design to allow a namespace to be specified for e.g. MAC labels,
and trying to modify the spec to allow it seems impractical to me. It
would at the very least break backward compatibility with clients and
servers, and lead to some ugly hacks to try and ensure that systems were
reliably speaking to peers which understood the namespace.
It might be possible to implement Linux/BSD style xattrs for NFSv4,
assuming that the IETF folk would approve of the idea, but I don't think
this is really the right solution for conveying MAC labels across the
wire. The xattr API as a local interface is pretty good for this (as it
is FS independent, simple, and established), but that does not
automatically translate to an xattr wire protocol being the right thing.
The problem with this, I believe, is that you end up with quite a lot of
overhead and complexity being added to NFSv4 which does not actually meet
the requirements of MAC labeling, and like NAs, seems more suited
for arbitrary user-managed metdata.
Using RAs for MAC labels seems most appropriate, as they're simple,
extensible and already used for similar protocol attributes such as ACLs,
and other system-managed metadata.
- James
--
James Morris
<jmorris@namei.org>
next prev parent reply other threads:[~2008-02-29 1:15 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-27 22:11 RFC Labeled NFS Initial Code Review David P. Quigley
2008-02-27 22:11 ` [PATCH 01/11] Security: Add hook to get full maclabel xattr name David P. Quigley
2008-02-27 23:42 ` Casey Schaufler
2008-02-28 0:12 ` Dave Quigley
2008-02-28 1:07 ` Casey Schaufler
2008-02-28 13:43 ` Stephen Smalley
2008-02-28 19:23 ` Casey Schaufler
2008-02-28 19:30 ` Stephen Smalley
2008-02-28 19:59 ` Casey Schaufler
2008-02-28 23:48 ` Christoph Hellwig
2008-02-29 0:04 ` Dave Quigley
2008-02-29 0:39 ` Christoph Hellwig
2008-02-29 0:32 ` Dave Quigley
2008-02-29 1:00 ` Christoph Hellwig
2008-02-29 0:42 ` Dave Quigley
2008-02-29 2:07 ` Casey Schaufler
2008-02-29 1:48 ` Dave Quigley
2008-02-29 13:30 ` Stephen Smalley
2008-02-29 14:45 ` Stephen Smalley
2008-02-29 1:47 ` Casey Schaufler
2008-02-29 1:33 ` Dave Quigley
2008-02-29 2:15 ` James Morris
2008-02-29 0:50 ` Trond Myklebust
2008-02-29 0:51 ` Christoph Hellwig
2008-02-29 1:00 ` Trond Myklebust
2008-02-29 1:55 ` Casey Schaufler
2008-02-29 5:04 ` Trond Myklebust
2008-02-29 17:46 ` Casey Schaufler
2008-02-29 18:28 ` Trond Myklebust
2008-02-29 18:52 ` Casey Schaufler
2008-02-29 19:50 ` Trond Myklebust
2008-02-29 21:07 ` Casey Schaufler
2008-02-29 21:00 ` Dave Quigley
2008-02-29 22:27 ` Casey Schaufler
2008-02-29 22:15 ` Dave Quigley
2008-02-29 22:58 ` Casey Schaufler
2008-03-01 0:09 ` Trond Myklebust
2008-03-01 0:41 ` Casey Schaufler
2008-02-29 1:26 ` Casey Schaufler
2008-02-29 5:01 ` Trond Myklebust
2008-02-29 17:26 ` Casey Schaufler
2008-02-29 1:04 ` Casey Schaufler
2008-02-29 0:52 ` Dave Quigley
2008-02-29 2:29 ` Casey Schaufler
2008-02-29 2:09 ` Dave Quigley
2008-02-29 1:15 ` James Morris [this message]
2008-02-29 13:31 ` Stephen Smalley
2008-02-29 17:52 ` Casey Schaufler
2008-02-29 21:50 ` Dave Quigley
2008-02-27 22:11 ` [PATCH 02/11] Security: Add hook to calculate context based on a negative dentry David P. Quigley
2008-02-27 22:11 ` [PATCH 03/11] VFS: Add security label support to *notify David P. Quigley
2008-02-28 1:20 ` James Morris
2008-02-28 16:07 ` Dave Quigley
2008-02-28 23:54 ` Christoph Hellwig
2008-02-28 23:44 ` Dave Quigley
2008-02-29 0:23 ` Christoph Hellwig
2008-02-29 0:06 ` Dave Quigley
2008-02-29 1:52 ` Dave Quigley
2008-02-29 20:19 ` Dave Quigley
2008-02-27 22:11 ` [PATCH 04/11] KConfig: Add KConfig entries for SELinux labeled NFS David P. Quigley
2008-02-27 22:11 ` [PATCH 05/11] NFSv4: Add label recommended attribute and NFSv4 flags David P. Quigley
2008-02-28 1:52 ` James Morris
2008-02-28 1:45 ` Dave Quigley
2008-02-28 13:55 ` Stephen Smalley
2008-02-27 22:11 ` [PATCH 06/11] SELinux: Add new labeling type native labels David P. Quigley
2008-02-27 22:11 ` [PATCH 07/11] NFS/SELinux: Add security_label text mount option to nfs and add handling code to the security server David P. Quigley
2008-02-28 14:22 ` Eric Paris
2008-02-27 22:11 ` [PATCH 08/11] NFS: Introduce lifecycle management for label attribute David P. Quigley
2008-02-28 4:13 ` James Morris
2008-02-28 16:24 ` Dave Quigley
2008-02-28 16:46 ` Dave Quigley
2008-02-27 22:11 ` [PATCH 09/11] NFS: Client implementation of Labeled-NFS David P. Quigley
2008-02-27 22:11 ` [PATCH 10/11] NFS: Extend nfs xattr handlers to accept the security namespace David P. Quigley
2008-02-27 22:11 ` [PATCH 11/11] NFSD: Server implementation of MAC Labeling David P. Quigley
2008-02-28 1:46 ` James Morris
2008-02-28 0:48 ` RFC Labeled NFS Initial Code Review Dave Quigley
2008-02-28 1:23 ` Dave Quigley
-- strict thread matches above, loose matches on Subject: below --
2008-02-27 20:39 David P. Quigley
2008-02-27 20:39 ` [PATCH 01/11] Security: Add hook to get full maclabel xattr name David P. Quigley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Xine.LNX.4.64.0802291155160.28680@us.intercode.com.au \
--to=jmorris@namei.org \
--cc=bfields@fieldses.org \
--cc=casey@schaufler-ca.com \
--cc=dpquigl@tycho.nsa.gov \
--cc=hch@infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=trond.myklebust@fys.uio.no \
--cc=viro@ftp.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).