[Labeled-nfs] Client process label operation (OP_PUTCLIENTLABEL)
James Morris
jmorris at namei.org
Mon Dec 17 10:24:51 EST 2007
On Mon, 17 Dec 2007, Dave Quigley wrote:

> Ok so this is how it works then. If the client wishes to use fscreate it
> places it in the fattr4 structure sent over. If it is blank then the
> process label is sent over, translated into the server's doi, and then
> the server makes the decision on how to label. Why is this field needed
> then? You can still get your functionality without it. I'm not saying
> that I disagree with the functionality just that this item doesn't seem
> necessary.

Ok, that should work.

> "Ok I think it is overly complicated to ask the client to enforce the
> server's policy. That should be the job of the server. This is easily
> handled since NFSv4 added an open operation. The only problem I see is
> delegations and there seem to be only two reasonable ways to handle
> this.

What about locally cached objects on clients?

> Either we disable delegations, or it is a prerequisite that the
> client and server must both be using the same policy."

We can't break NFS by disabling features, and it seems extremely unlikely
that we can expect them to be using the same policy.

- James
--
James Morris
<jmorris at namei.org>