[Labeled-nfs] Current development prototype patches.
Paul Moore
paul.moore at hp.com
Mon Aug 6 15:32:26 EDT 2007
On Monday, August 6 2007 2:08:29 pm Casey Schaufler wrote:
> --- "David P. Quigley" <dpquigl at tycho.nsa.gov> wrote:
> > At this point the
> > server can determine if it wants that client to be able to label the
> > file in that manner and send a create/setattr failure back to the client
> > if it chooses to do so.
>
> But what criteria can it use in the absence of understanding
> the client's rules? In the old MLS world we could store the MAC
> label as level/category-set values and mandate that everyone used
> the same level and category definitions. The vendors who did that
> were able to support NFS whereas the one who used mapped (e.g.
> secid) schemes had real struggles because everything has to be
> translated by everyone.
I believe the idea is to use a DOI value on the wire to help solve the problem
of assigning the correct semantics to a given label. Of course this doesn't
help eliminate the need for label translations, but I think the reality of
the matter is that if we want any sort of interoperability across different
platforms/security-models we are going to need a label translation mechanism
in place.
> It seems that your best bet may be simply label identification.
> Store the source of the label with the label and let the clients
> (and local use on the server) fight out the access control rules.
Once again, perhaps things have changed, but my understanding was that a
file's label would be stored on disk using the native DOI of the host and, if
necessary, translated before being transmitted across the network.
> Isn't the composition problem fun?
... I assure you those are tears of joy ;)
--
paul moore
linux security @ hp
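As an added illustration of the mechanism Paul describes (a DOI value travelling with the label on the wire, files stored under the host's native DOI, translation at the boundary, and the server failing a create/setattr it cannot interpret), here is a small Python model. It is not code from the Labeled-nfs project or from the NFS protocol; the DOI numbers, the label strings and the translation table are constructed for the example, and the `WireLabel`, `LabelTranslator` and `handle_setattr` names are assumptions of this model.

```python
"""
Toy model of DOI-tagged label translation on a labeled-NFS server.

Constructed example, not code from the Labeled-nfs project or the NFS
protocol.  Every DOI number, label string and table entry below is made
up for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class WireLabel:
    """A label as it crosses the network: the label text plus the DOI
    (domain of interpretation) that gives that text its meaning."""
    doi: int
    label: str


class LabelTranslator:
    """Translate between foreign (DOI, label) pairs and the server's native
    labels.  On-disk labels are kept in the native DOI only; translation
    happens when a label enters or leaves the host."""

    def __init__(self, native_doi: int, table: Dict[Tuple[int, str], str]):
        self.native_doi = native_doi
        # (foreign_doi, foreign_label) -> native label
        self._inbound = dict(table)
        # native label -> {foreign_doi: foreign_label}, derived from the same table
        self._outbound: Dict[str, Dict[int, str]] = {}
        for (doi, foreign), native in table.items():
            self._outbound.setdefault(native, {})[doi] = foreign

    def to_native(self, wire: WireLabel) -> Optional[str]:
        """Map a label received from a client into the native DOI.
        Returns None when the server has no interpretation for it; the
        caller must fail the request rather than guess a label."""
        if wire.doi == self.native_doi:
            return wire.label
        return self._inbound.get((wire.doi, wire.label))

    def to_wire(self, native_label: str, client_doi: int) -> Optional[WireLabel]:
        """Map a stored (native-DOI) label into the DOI a client speaks."""
        if client_doi == self.native_doi:
            return WireLabel(self.native_doi, native_label)
        foreign = self._outbound.get(native_label, {}).get(client_doi)
        if foreign is None:
            return None
        return WireLabel(client_doi, foreign)


def handle_setattr(tr: LabelTranslator, wire: WireLabel, inode: dict) -> Tuple[bool, str]:
    """Simulated label SETATTR: store the label only if it translates into
    the native DOI, otherwise report a failure back to the client."""
    native = tr.to_native(wire)
    if native is None:
        return False, f"setattr rejected: no translation for DOI {wire.doi} label {wire.label!r}"
    inode["label"] = native
    return True, native


# Constructed sample: the server's native DOI is 1 (type-enforcement style
# labels); DOI 2 is a client using level/category labels.  Made-up values.
NATIVE_DOI = 1
TRANSLATION_TABLE: Dict[Tuple[int, str], str] = {
    (2, "s0"):    "system_u:object_r:nfs_t:s0",
    (2, "s1:c0"): "system_u:object_r:nfs_t:s1:c0",
}


def demo() -> Dict[str, object]:
    """Run the translator over a few constructed requests and collect results."""
    tr = LabelTranslator(NATIVE_DOI, TRANSLATION_TABLE)
    inode: dict = {}
    ok_known, stored = handle_setattr(tr, WireLabel(2, "s1:c0"), inode)
    ok_unknown_label, _ = handle_setattr(tr, WireLabel(2, "s3"), inode)
    ok_unknown_doi, _ = handle_setattr(tr, WireLabel(9, "s0"), inode)
    return {
        "known": ok_known,
        "stored": stored,
        "unknown_label": ok_unknown_label,
        "unknown_doi": ok_unknown_doi,
        "outbound": tr.to_wire(inode["label"], 2),
        "outbound_missing_doi": tr.to_wire(inode["label"], 5),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the model makes is the one Paul and Casey circle around: the DOI tells the receiver which rule set a label belongs to, but it does not remove the need for a translation table, and where no translation exists the only safe answer is to refuse the operation rather than store a label under the wrong semantics.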