[RFC] Security Enhanced NFS (SENFS) Requirements - draft 05
Casey Schaufler
casey at schaufler-ca.com
Fri Jun 22 17:29:55 EDT 2007
--- James Morris <jmorris at namei.org> wrote:
> Attached is a draft requirements document for the integration of SELinux
> and NFSv4 (SENFS). Also available at:
>
> http://namei.org/selinux/nfs/senfs-requirements-draft-05.txt
>
> This has been through a few internal iterations from the SELinux side, and
> we hope to now obtain feedback from a wider audience, particularly Linux
> NFS developers.
>
> The goals at this stage are to ensure we have capture all of the
> requirements correctly, and that we're on the right track in general.
>
> Low-level implementation details are not considered in this document, and
> are intended to be outlined in a subsequent functional specification, once
> the requirements have been nailed down.
>
> Please reply with any feedback.
Somewhere between 2000 and 2002 (it's all a blur to me now) SGI
made the OB1 project available on oss.sgi.com. Included in this
project was the source code for an extended attribute protocol
to sit beside NFSv3. I have attached the code as a worked example
of how one can go about implementing linux style* extended attributes
in a distributed environment. This scheme does not address all of
your requirements, it only addresses transport and storage, it does
not address authentication or validation.
---
* Linux style extended attributes are closely modeled after
Irix extended attributes.
Casey Schaufler
casey at schaufler-ca.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sginfsxattr.tar
Type: application/x-tar
Size: 51200 bytes
Desc: 3823366331-sginfsxattr.tar
Url : http://linux-nfs.org/pipermail/nfsv4/attachments/20070622/abda6ad7/attachment.tar
More information about the NFSv4
mailing list