[Labeled-nfs] [RFC] SENFS: MAC labeling support for NFSv4
Casey Schaufler
casey at schaufler-ca.com
Thu Aug 2 11:26:31 EDT 2007
--- Stephen Smalley <sds at tycho.nsa.gov> wrote:
> > In the spirit of LSM I suggest that blobs are more appropriate
> > units of data than u32s. I understand that the SELinux design
> > philosophy is well served by secids. My design philosophy, which
> > is pretty much the opposite, has no need for secids and is
> > negatively impacted by interfaces that require them.
>
> Blobs require full lifecycle management.
Yup.
> secids are lighter weight,
They are lighter weight than big labels. They are heavier than
small labels. They require translation, while certain designs of
small labels don't even require translation to print.
> and
> it isn't that hard for you to implement a secid-to-label mapping in your
> own module even if you don't otherwise use them internally.
That is true. It just feels silly to translate a text string into a secid
so that I can pass it to someone who only cares about the secid because
they want to use it to get the string I had in the first place.
> secids are already entrenched in the LSM interface for labeled
> networking
The xfrm interfaces that require secids are seriously SELinux components.
Netlabel only uses secids for audit.
> and are already entrenched in the audit-selinux interface
> (even if converted to using LSM hooks).
So I've found. It is annoying that the audit system passes around sids
when it never uses them except to get the associated strings, which
Smack uses natively and can provide trivially.
Well, I can generally identify a windmill when I'm tilting it, so
now that I've aired my heretical notions I'll get on with it.
Thank you.
Casey Schaufler
casey at schaufler-ca.com
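The secid-to-label mapping discussed above, shown as an added illustration. This is not code from Smack, SELinux or the Labeled-NFS patches; it is a minimal intern table of the kind a module that identifies subjects by a short text label would have to carry in order to satisfy LSM hooks that pass a u32 secid. The table bounds, the label length limit and the sample labels are all constructed for the example. It shows both directions of the mapping and the round trip the message describes, where the label is turned into a secid only so that the consumer can turn it straight back into the label.

```c
/*
 * Added illustration (not Smack, SELinux or Labeled-NFS code): a minimal
 * secid <-> label intern table. secid 0 is reserved to mean "no label",
 * matching the convention the LSM secid interfaces rely on.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LABELS    64   /* hypothetical bound for this demo */
#define MAX_LABEL_LEN 23   /* hypothetical; keeps the labels "small" */

static char label_table[MAX_LABELS][MAX_LABEL_LEN + 1];
static uint32_t label_count;   /* number of labels interned so far */

/*
 * Map a label to a secid, interning it on first sight.
 * Returns 0 (the "no label" value) for NULL, empty or over-long input,
 * or when the table is full; never hands out an id it cannot reverse.
 */
uint32_t secid_from_label(const char *label)
{
    size_t len;
    uint32_t i;

    if (label == NULL)
        return 0;
    len = strlen(label);
    if (len == 0 || len > MAX_LABEL_LEN)
        return 0;
    for (i = 0; i < label_count; i++) {
        if (strcmp(label_table[i], label) == 0)
            return i + 1;           /* ids are 1-based; 0 is reserved */
    }
    if (label_count >= MAX_LABELS)
        return 0;
    memcpy(label_table[label_count], label, len + 1);
    label_count++;
    return label_count;
}

/* Reverse mapping: NULL for secid 0 or for an id that was never issued. */
const char *label_from_secid(uint32_t secid)
{
    if (secid == 0 || secid > label_count)
        return NULL;
    return label_table[secid - 1];
}

/*
 * The round trip the message objects to: a string-labelled module converts
 * its label to a secid so that a consumer such as audit can convert it
 * straight back to the string. Returns 1 if the label survives intact.
 */
int label_round_trips(const char *label)
{
    const char *back = label_from_secid(secid_from_label(label));
    return back != NULL && strcmp(back, label) == 0;
}

int main(void)
{
    /* Constructed sample labels for the demo. */
    const char *samples[] = { "alpha", "beta", "alpha", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t id = secid_from_label(samples[i]);
        const char *back = label_from_secid(id);
        printf("\"%s\" -> secid %u -> \"%s\"\n",
               samples[i], (unsigned)id, back ? back : "(none)");
    }
    return 0;
}
```

Repeated labels map to the same secid, and the reverse lookup rejects 0 and any id that was never issued rather than indexing past the table; a real module would also need locking and a policy for label removal, which the table above deliberately leaves out.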