[Labeled-nfs] Current development prototype patches.
Trond Myklebust
trond.myklebust at fys.uio.no
Tue Aug 7 19:12:42 EDT 2007
On Tue, 2007-08-07 at 18:23 -0400, Matthew N. Dodd wrote:
> Casey Schaufler wrote:
> > --- James Morris <jmorris at namei.org> wrote:
> >> On Fri, 3 Aug 2007, Matthew N. Dodd wrote:
> >>> I would like to ask opinions on a less EA centric mechanism for
> >>> setting labels from userland. As we're pursuing a labeling
> >>> solution that does not rely on EAs for persistent storage (from
> >>> the client's point of view) it becomes difficult to shoehorn
> >>> things so that userland tools work as expected.
> >
> > Why would you do that? The xattr infrastructure works very well for
> > labeling. Labeling was in fact the only use to which it was put
> > during it's initial Unix development at SGI.
>
> Because we're looking at passing NFSv4 labels via getattr/setattr.
>
> (It occurs to me that this may not have been stated to everyone in a
> clear manner.)
Woah... Why do you think you could not pass an EA via the
getattr/setattr operations?
There are many reasons why I don't like the EA approach, but this isn't
one of them. EAs would fit just as nicely into the GETATTR/SETATTR
paradigm as security labels would.
Trond
More information about the Labeled-nfs
mailing list