[Labeled-nfs] Post LinuxCon/LPC Update

David P. Quigley dpquigl at tycho.nsa.gov
Tue Sep 29 15:51:29 EDT 2009 

Hello,
	
	Now that LinuxCon, LPC, and the SELinux Developers Summit are over I
have another update for Labeled NFS. Over the course of the conferences
I updated the Labeled NFS patchset to 2.6.31 and have changed the way we
will be distributing and working on the Labeled NFS code. The Labeled
NFS code was distributed as a git tree on the selinuxproject.org git
page and if you wanted the patches you could use git-format-patch to
pull the commits that were in the patchset branch. 

	The new method of releasing the Labeled NFS code will consist of two
git trees. If you look at http://selinuxproject.org/git there is a tree
named lnfs-patchset and another named lnfs. The first tree contains a
guilt patch series with the Labeled NFS code. As of the moment there is
just the version of the patches for 2.6.31 in the tree. As time goes by
there will be new commits for the patches which are for newer kernel
versions. It is unclear if we should only track release versions or if
we should also track the RC tags as well. If we decide to track Linus'
rc tags I will probably skip rc1 and maybe even rc2 seeing as rc1 is the
close of the merge window and there is no guarantee that the tree is not
completely broken.

	The second tree that I mentioned above will be the full kernel tree
with the Labeled NFS patches applied. While the lnfs-patchset repository
uses tags to mark particular kernel versions this isn't possible with
the kernel git tree so we use branches instead. In the lnfs tree you
will find a branch for each tag in the lnfs-patchset repository. So
currently there is a v2.6.31-lnfs branch on the lnfs git tree. If you
wish to do development against the LNFS tree or test the code you should
check out the latest version of the tree. The main branch for the
repository will always be the latest one so a git clone should pull it
automatically.

	Now the reason for all of these changes is that the purpose of my talks
at the various conferences was to increase participation in the project.
The clean up of the code repositories was drive by the need to make it
as easy as possible for people to contribute. The second part of this is
a new TODO list of things that people who are interested in
participating can attempt to tackle. The initial list is posted below
and it will also be available on the selinuxproject wiki at
http://www.selinuxproject.org/pages/Labeled_NFS/TODO. As details unfold
about each of the TODO items the TODO page will be updated to reflect
specific tasks that need to be completed. 

	Below are the TODO items broken up into three sections. I have omitted
the sub-tasks for each item as I will be placing them on the TODO wiki
page along with the status of each of the items. If you are interested
in working on any of these items please respond to the email with what
you are interest in and I can help you get started. 

Dave

Linux Prototype TODO Items
----------------------------------------------------------------------

Update Label Translation Framework Patches.
Provide mechanism to allow NFSD to determine a context to act as
RPCSECGSSv3 implementation
Develop MLS CALIPSO Translation Module

IETF TODO Items
----------------------------------------------------------------------
Policy Format Specification Document
CALIPSO MLS Format Specification Document

FreeBSD 8.0 Prototype TODO Items
----------------------------------------------------------------------
Implement MAC Recommended attribute
Implement RPCSECGSSv3
Implement Translation Framework
Implement CALIPSO MLS Translation Module

More information about the Labeled-nfs mailing list