[Labeled-nfs] Personal Internet-Draft for MAC support in NFSv4

[Casey Schaufler]

--- Stephen Smalley <sds at tycho.nsa.gov> wrote:

> 
> >...
> > I suggest that you take these strongly oppinionated statement
> > out of this Draft. First, they don't add any value in support of
> > the technology you are proposing. Second, they suggest that you
> > are making a proposal that ought not to allow such behavior and
> > that reduces the generality of your plan. Third, I would be
> > seriously disinclined to endorse the proposal, even though I
> > see no problems with the actual text, just because you insist
> > on dissing many of the implementations that would benefit from
> > it.
> > 
> > I have no problem with you targeting the proposal to SELinux.
> > That is your job, after all. Ignore all the other MAC schemes
> > if you must, although to be honest that is going to raise its
> > own set of political issues at the IETF. But please don't
> > turn this into a battlefield within our extraordinarily small
> > MAC community, and especially don't do it in front of the
> > children^H^H^H^H^H^H^H^HIETF.
> 
> Hi,
> 
> I don't think Dave intended the text to limit the applicability of
> labeled NFS for other MAC models, and I think we can address your
> concerns in the final text.

Thank you. I understand that the intention of the text is to
support the value of SELinux.

> However, by way of explanation, as I understand it, we were asked to
> include some background and rationale for why MAC support should matter
> to the NFSv4 WG, and a key part of that is the fact that MAC is now a
> mainstream security feature of general purpose operating systems. I
> don't believe that would be true if we had stayed with only the
> traditional notions of MAC that were implemented in trusted operating
> systems of the past. The flexible MAC model demonstrated in SELinux
> along with the SELinux project's advocacy of MAC as a useful feature for
> mainstream users played an important role in gaining adoption for MAC in
> mainline operating systems.

I personally believe that any model backed by the NSA to the
extent SELinux has been backed would have enjoyed similar success
in the marketplace. Flexiblity in a MAC model is I think a matter
of taste, and while I personally agree with you (Smack is also a
flexible MAC model) there are advocates of rigid (think lomac)
models, even to the extent that the MLS component of SELinux does
not bend particularly well. I've said it before, SELinux has the
unquestionable leadership role in MAC systems today. Five years
from now, who's to say? If the EU decides that Smack is the way to
go it might be kind of embarrassing for the labeled-nfs draft to
contain the language that is in it now. Again, I assume that
there was no malice in the original text, and appreciate that y'all
are willing to put it right.

Thank you.

Casey Schaufler
casey at schaufler-ca.com