[RFC] Security Enhanced NFS (SENFS) Requirements - draft 05
Trond Myklebust
trond.myklebust at fys.uio.no
Sat Jun 23 18:50:08 EDT 2007
On Sat, 2007-06-23 at 22:10 +0100, Christoph Hellwig wrote:
> On Sat, Jun 23, 2007 at 01:45:45PM -0400, James Morris wrote:
> > On Sat, 23 Jun 2007, Christoph Hellwig wrote:
> >
> > > I'd love to see having support for this protocol on Linux. There's
> > > a lot of demand both for security label and just general user extended
> > > attributes on NFS.
> >
> > NFSv4 has named attributes, which are modeled on Solaris subfile-style
> > extended attributes.
>
> Which is exactly the problem. As usual NFSv4 has choosen the most braindead of
> all available models. That's why this protocol sucks so badly.
Without wanting to defend the NFSv4 named attribute model, I'd still
have to say that xattrs are hardly a good solution to the problem posed
by selinux: the namespace is ill-defined, and those few definitions that
do exist, tend to expose a whole s**tload of Linux kernel internals such
as our binary POSIX acl structures (which may be easy to back up via GNU
tar, but which remain inherently non-portable to other filesystems).
Nowhere is there a decent list of definitions for what all the various
namespaces do, and what belongs in them. They are just ioctls by another
name...
I'd by far prefer an selinux solution along the lines of what James
proposes, where the requirements are spelled out in a protocol rather
than being expressed in terms of the xattr API.
Trond
More information about the NFSv4
mailing list