[Labeled-nfs] [PATCH 6/7] NFSv4: Client implementation of MAC Labeling
Stephen Smalley
sds at tycho.nsa.gov
Wed Aug 1 17:34:20 EDT 2007
On Wed, 2007-08-01 at 14:29 -0700, Casey Schaufler wrote:
> --- "David P. Quigley" <dpquigl at tycho.nsa.gov> wrote:
>
> > From: David P. Quigley <dpquigl at tycho.nsa.gov>
> >
> > There are several places where recommended attributes are implemented in the
> > NFSv4 client code. This patch adds two functions to encode and decode the
> > secid recommended attribute which makes use of the LSM hooks added earlier.
> > It also adds code to grab the label from the file attribute structures and
> > encode the label to be sent back to the server. Even though the code is
> > there to encode a label to be sent back to the server there does not appear
> > to be an interface to use it yet.
>
> My usual comments regarding configuration names being SELINUX instead
> of MAC if you stick with u32 labels.
>
> Now I'm confused. Are you sending the context string on the wire,
> or a sid?

The context string. But it is then mapped to a local SID when it is
received.

--
Stephen Smalley
National Security Agency