[Labeled-nfs] Client and Server policies and file creation.

Matthew N. Dodd Matthew.Dodd at sparta.com
Tue Aug 7 18:05:34 EDT 2007


Casey Schaufler wrote:
> --- "Matthew N. Dodd" <Matthew.Dodd at sparta.com> wrote:
>> When a file is created by a client, the client passes the desired 
>> attributes to the server in the request.  Later, the client
>> requests the attributes the server created the file with.
>> 
>> It seems to me that this is exactly the way we want things to
>> function when we enforce policy on the client and the server.
> 
> An important question is whether the client is going to get back the
> same attributes it sent in all cases.

I think the implication of my description above is that, depending on
server policy, a client may not get back the same label.  This offers
the server the ability to go beyond simply failing the operation,
providing the client policy can deal with getting a different label back.

Note that when the client sends the label to the server the label isn't
associated with an inode but is simply an expression of client desires
for the create operation.  Once the create operation returns success the
client conjures a local inode to represent the newly created remote file.

> This requires either that the server stores what the client sent or
> that the mapping between what the client sends and what the server
> stores is reverseable.

The process I describe is outside of any mapping that occurs when 
translating a label from one domain to another.

I think the use case here is something on the order of the client policy 
computing a label based on say, an application label, and the server 
policy constraining the label based on path or directory permissions, or 
some more complex scheme involving client identity.

-- 
Matthew N. Dodd <Matthew.Dodd at sparta.com>
Principal Engineer, ISSO, SRD
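The create/getattr exchange described in the message above, modelled as an added example in Python; this is not code from the Labeled-NFS project or from the poster. The SELinux-style user:role:type:level label syntax, the CLIENT_POLICY table, the DirPolicy rules, the Server class and the paths are all assumptions chosen to show the three outcomes the message discusses: the server stores the label the client asked for, the server substitutes a label the client policy can live with, and the server substitutes a label the client policy cannot accept (plus a plain server refusal for contrast).

```python
"""Model of a labeled create: client sends a desired label with CREATE,
then GETATTRs to learn what the server actually stored.  Added example,
not Labeled-NFS code; all policies and labels below are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Label:
    user: str
    role: str
    type_: str
    level: str

    @classmethod
    def parse(cls, text: str) -> "Label":
        parts = text.split(":")
        if len(parts) != 4:
            raise ValueError(f"malformed label: {text!r}")
        return cls(*parts)

    def __str__(self) -> str:
        return ":".join((self.user, self.role, self.type_, self.level))


def level_num(level: str) -> int:
    # Constructed MLS levels "s0".."s15"; a higher number is more sensitive.
    return int(level[1:])


# --- client policy (hypothetical) -------------------------------------
# application type -> (type the client wants on files it creates,
#                      types it will tolerate if the server hands back another)
CLIENT_POLICY = {
    "httpd_t": ("httpd_sys_rw_content_t",
                {"httpd_sys_rw_content_t", "httpd_sys_content_t"}),
    "user_t": ("user_home_t", {"user_home_t"}),
}


def client_desired_label(app: Label) -> Label:
    wanted, _ = CLIENT_POLICY[app.type_]
    return Label(app.user, "object_r", wanted, app.level)


def client_accepts(app: Label, actual: Label) -> bool:
    _, tolerated = CLIENT_POLICY[app.type_]
    return actual.type_ in tolerated and actual.level == app.level


# --- server policy (hypothetical) -------------------------------------
@dataclass
class DirPolicy:
    default_type: str      # substituted when the requested type is not allowed
    allowed_types: set     # types a client may ask for in this directory
    max_level: str         # highest level a new file here may carry


class Server:
    def __init__(self, dirs: dict):
        self.dirs = dirs       # directory path -> DirPolicy
        self.inodes = {}       # file path -> Label stored with the inode

    def create(self, path: str, requested: Label) -> bool:
        """Constrain the requested label by directory policy.  A level that is
        too high fails the operation; a disallowed type is substituted."""
        parent = self.dirs[path.rsplit("/", 1)[0]]
        if level_num(requested.level) > level_num(parent.max_level):
            return False
        type_ = (requested.type_ if requested.type_ in parent.allowed_types
                 else parent.default_type)
        self.inodes[path] = Label(requested.user, requested.role, type_,
                                  requested.level)
        return True

    def getattr(self, path: str) -> Label:
        return self.inodes[path]

    def remove(self, path: str) -> None:
        del self.inodes[path]


# --- client create flow -----------------------------------------------
def client_create(server: Server, app: Label, path: str) -> Optional[str]:
    """Send the desired label, then fetch the label the server stored and
    decide under client policy whether the new file is acceptable."""
    desired = client_desired_label(app)        # expression of client desires
    if not server.create(path, desired):
        return None                            # server failed the create
    actual = server.getattr(path)              # what the server really stored
    if not client_accepts(app, actual):
        server.remove(path)                    # client policy cannot cope
        return None
    return str(actual)                         # label for the local inode


def demo() -> dict:
    server = Server({
        "/srv/www": DirPolicy("httpd_sys_content_t", {"httpd_sys_content_t"}, "s1"),
        "/home/alice": DirPolicy("user_home_t", {"user_home_t"}, "s2"),
    })
    httpd = Label.parse("system_u:system_r:httpd_t:s0")
    alice = Label.parse("alice_u:user_r:user_t:s1")
    bob = Label.parse("bob_u:user_r:user_t:s3")
    return {
        "same":        client_create(server, alice, "/home/alice/notes"),
        "substituted": client_create(server, httpd, "/srv/www/index.html"),
        "rejected":    client_create(server, alice, "/srv/www/stolen"),
        "refused":     client_create(server, bob, "/home/alice/drop"),
        "inodes":      sorted(server.inodes),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the second GETATTR is that the client never trusts the label it sent as the label of the new inode: the server is free to substitute, so the local inode is populated only from what the server reports, and the client policy gets a chance to back out when the substituted label is outside what the application may use.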

