[RFC] Domain of Interpretation mapping daemon

Dave Quigley dpquigl at tycho.nsa.gov
Thu Nov 29 12:12:53 EST 2007


Hello,
	Since we have just made an RFC based on a stable version of the Labeled
NFS work I have come back to trying to solve my problems with the DOI
mapping daemon. The principle behind this daemon is the same as idmapd
in that security labels need to potentially be translated between
security policies. I am having an issue with the rpc caches on the
server side as outlined in my original email back in October. You can
find the email at this link
http://marc.info/?l=linux-nfsv4&m=119271612319792&w=2

In reply to this email I will be posting several patches.

1 - The base labeled-nfs patch which the doimapping changes apply on.
This patch applies to any 2.6.24-rc2 kernel.
2 - The client side implementation of the doimapping daemon. As far as I
can tell this works fine since I see the label being transformed when
it is inspected in Wireshark.
3 - The server side implementation of the doimapping daemon. This is
where the problem should be and I think I have narrowed it down to the
potential offending area. It can be found in the original email.
4 - Hook placement for the translation daemon.

The remaining patches apply to nfs-utils to provide the actual userspace
daemon.

5 - Movement of certain functionality into the main nfs-utils library so
both doimapd and idmapd can use it.
6 - The daemon itself.

I hope someone else has some insight into this problem because I was
banging my head against it for almost two weeks before I put it aside.

Dave Quigley


