[RFC] Security Enhanced NFS (SENFS) Requirements - draft 05
James Morris
jmorris at namei.org
Thu Jun 21 01:30:52 EDT 2007
On Wed, 20 Jun 2007, James Morris wrote:
> > > SENFS will not support this initially in Full Mode, although for Guest
> > > Mode, the server may convey locally generated security labels to the
> > > client.
> >
> > I don't understand.
>
> If my understanding of multi-server name spaces & referrals is correct,
> then the NFS server may be exporting a filesystem from another machine as
> if it was its own.
>
> In this case, we won't initially try and solve the potential SELinux
> issues here (e.g. conveying SELinux state between multiple parties, and
> across multiple security boundaries), and instead just allow the server to
> assign labels to the filesystem itself. This would likely be some default
> label for the entire referred fs.
It seems my understanding here is wrong, after re-reading the 4.1 spec. I
need to rework this section of the document.
- James
--
James Morris
<jmorris at namei.org>
More information about the NFSv4
mailing list