[Labeled-nfs] [PATCH 13/13] NFSD: Label change notification for NFSv4 Server
Trond Myklebust
trond.myklebust at fys.uio.no
Mon Nov 19 18:10:26 EST 2007
On Tue, 2007-11-20 at 09:48 +1100, James Morris wrote:
> A possible approach for dealing with all of these is to use a
> per-procedure OP which is prefixed in a similar manner to SEQUENCE, when
> security labeling is active. It may be possible to optimize this at the
> server so that an updated file security label (or indeed the entire
> security OP) is only sent if required.
Right. You could use a stateid to represent the 'state of the current
security label', and define an OP to tag all subsequent OPs in the
COMPOUND (like PUTFH 'tags' all future OPs with a current filehandle).
That model gives the server a callback-free method for rejecting an
operation if ever it sees that your idea of the file security labelling
differs from its internal state.
You could even stack labels in the same way that SAVEFH and RESTOREFH
do, so that operations like LINK and RENAME which take more than one
filehandle can work.
Cheers
Trond
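
A minimal model of the scheme described in the reply above, added here as an illustration; it is not code from the patch set or from any NFSv4 specification. The op name LABELSID, the error ERR_LABEL_STALE, the integer label stateids, and the choice to have SAVEFH/RESTOREFH carry the label tag along with the filehandle are all assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    # filehandle -> current label stateid (constructed integer counters)
    label_sid: dict = field(default_factory=dict)

    def relabel(self, fh):
        # Any label change on the server bumps that file's label stateid.
        self.label_sid[fh] = self.label_sid.get(fh, 0) + 1

    def _fresh(self, slot):
        # A slot is usable only if it was tagged and the tag is still current.
        fh, sid = slot
        return sid is not None and sid == self.label_sid.get(fh)

    def compound(self, ops):
        """Run ops in order and stop at the first error, as COMPOUND does."""
        cur, saved = (None, None), (None, None)  # (filehandle, tagged stateid)
        results = []
        for op, *args in ops:
            status = "OK"
            if op == "PUTFH":
                cur = (args[0], None)        # new filehandle, no tag yet
            elif op == "LABELSID":           # hypothetical tagging op
                cur = (cur[0], args[0])
            elif op == "SAVEFH":             # assumed to save the tag too
                saved = cur
            elif op == "RESTOREFH":
                cur = saved
            elif op == "READ" and not self._fresh(cur):
                status = "ERR_LABEL_STALE"   # hypothetical error code
            elif op == "LINK" and not (self._fresh(saved) and self._fresh(cur)):
                status = "ERR_LABEL_STALE"   # both filehandles must be current
            results.append((op, status))
            if status != "OK":
                break
        return results
```

The server rejects a stale or missing tag inline in the COMPOUND reply, so no callback channel to the client is needed for enforcement.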