[RFC] Security Enhanced NFS (SENFS) Requirements - draft 05
Christoph Hellwig
hch at infradead.org
Sat Jun 23 03:15:36 EDT 2007
On Fri, Jun 22, 2007 at 02:29:55PM -0700, Casey Schaufler wrote:
>
> --- James Morris <jmorris at namei.org> wrote:
>
> > Attached is a draft requirements document for the integration of SELinux
> > and NFSv4 (SENFS). Also available at:
> >
> > http://namei.org/selinux/nfs/senfs-requirements-draft-05.txt
> >
> > This has been through a few internal iterations from the SELinux side, and
> > we hope to now obtain feedback from a wider audience, particularly Linux
> > NFS developers.
> >
> > The goals at this stage are to ensure we have capture all of the
> > requirements correctly, and that we're on the right track in general.
> >
> > Low-level implementation details are not considered in this document, and
> > are intended to be outlined in a subsequent functional specification, once
> > the requirements have been nailed down.
> >
> > Please reply with any feedback.
>
> Somewhere between 2000 and 2002 (it's all a blur to me now) SGI
> made the OB1 project available on oss.sgi.com. Included in this
> project was the source code for an extended attribute protocol
> to sit beside NFSv3. I have attached the code as a worked example
> of how one can go about implementing linux style* extended attributes
> in a distributed environment. This scheme does not address all of
> your requirements, it only addresses transport and storage, it does
> not address authentication or validation.
I'd love to see having support for this protocol on Linux. There's
a lot of demand both for security label and just general user extended
attributes on NFS.
More information about the NFSv4
mailing list