[Labeled-nfs] Current status
Stephen Smalley
sds at tycho.nsa.gov
Wed Aug 1 10:50:45 EDT 2007
On Thu, 2007-07-26 at 08:13 -0700, James Morris wrote:
> On Wed, 25 Jul 2007, Joe Nall wrote:
>
> > Looks good. I'm a little concerned about the potential complexity of the DOI
> > negotiation and mapping. It is not clear to me that the complexity is
> > warranted by real world requirements.
>
> What we intend to do is to at least identify where DOI needs to be
> considered, to ensure that it is part of the underlying design and not
> something which has to be added later as an afterthought.
>
> Also, from a practical point of view, we will need to ensure that systems
> know whether and/or how they can understand each other, especially when
> you have e.g. an organization-wide network connecting to a fileserver,
> where manual configuration of the relationships cannot scale.
>
> > > - "dumb" server, which is not itself MAC enabled, entirely trusts
> > > clients, and simply stores and retrieves MAC labels with the data
> >
> > I'm having a hard time envisioning how you would sell this to an
> > accreditor/evaluator since server users and processes would not be bound by
> > MAC. Maybe if there are no local users (appliance?) and the server meets CAPP.
>
> As Karl mentioned, this would likely not be accreditable, but potentially
> a practical measure for generalized use. We still need to more closely
> analyze the benefits vs. drawbacks of such a scheme.

I'm not convinced that it wouldn't be accreditable, although I am not an
accreditor and can't say for sure. Regardless, it is a real case that
we have to support for the common case of NFS appliances and for the
reality that it will take quite some time to get any significant
extensions to NFS deployed into server environments.

(btw, this is also a test message because Dave Quigley has tried sending
patches to this list unsuccessfully, and also didn't get another simple
test message through - is there a problem?)

--
Stephen Smalley
National Security Agency