No subject
Mon Jun 4 22:59:49 EDT 2007
work" as it would for an unlabeled mount with, say, Kerberos security, and
not require external IPsec configuration.

Note that further modifications would still need to be made to the
protocol beyond step 1. As outlined, several aspects of security state
need to be conveyed over the network and managed, and the labels on files
are just one such aspect. Breaking this layer out is likely how we arrive
at Paul Moore's labeled NFS (vs. SELinux specific).
> For step 3 you'll most likely want a framework so that machines
> with different SELinux policy files or other system differences
> (US DoD Secret is not the same as US DoE Secret) can figure out
> among themselves who gets to decide on a given access. That, or
> a mechanism for translating the attributes as they pass between
> machines. Or both.
Indeed.
>
> > > Btw, I will be in Ottawa next week. Perhaps it might be worth organizing
> > > a lunch or similar for people who are there and interested in discussing
> > > this.
> >
> > I'd be interested.--b.
>
> Can't make it (again) this year.
>
>
> Casey Schaufler
> casey at schaufler-ca.com
>
--
James Morris
<jmorris at namei.org>