[Labeled-nfs] Labeled NFS Update
Nicolas Williams
Nicolas.Williams at sun.com
Thu Sep 3 19:35:35 EDT 2009
On Thu, Sep 03, 2009 at 04:25:11PM -0700, Jarrett Lu wrote:
> Thanks for the update. It's been a while, and I like to back up and ask
> a high level question. When accessing a remote file system object (on
> MAC systems), two important pieces of information need to be exchanged:
> (1) the credential of the requester (e.g. its label, privileges,
> security context, capabilities, etc.). The credential will be used as
> part of access control. (2) label of the object being accessed (e.g.
> security label attributes of a file). In the proposed Labeled NFS model,
> is it true that (1) will be covered by RPCSECGSSv3 and (2) will be
> covered by the new MAC Label Attributes in NFSv4.2?
I can't speak for David, but IMO those are the two needed pieces, with
this caveat: they are somewhat optional, and if not available then
everything is very constrained.
I.e., a server can still enforce MAC when clients use RPCSEC_GSSv1 or
v2. And clients and servers can still enforce MAC when using NFSv4.0 or
v4.1 without the new MAC label attributes. Obviously, not having
RPCSEC_GSSv3 or new MAC Label Attributes would enormously constrain what
can be done. E.g., RPCSEC_GSSv1 -> one label per-client principal. No
label attributes -> client can't find out nor set the attribute of a
file, _except_ by tying labels to locations (much like TX does).
Nico
--
More information about the Labeled-nfs
mailing list