Security labeling in NFS4 - who owns it?

Casey Schaufler casey at schaufler-ca.com
Thu Aug 1 19:39:13 UTC 2019


As part of my work on LSM stacking I've encountered some issues with
the Linux implementation of NFS4 security labels. For example, the LFS
data is ignored, so even if the client and server are willing to identify
the kind of information they are passing, the identity information isn't
available. The code asks if attributes requested are mandatory access
control attributes, but cannot differentiate between which of the possible
security attribute the other end is providing.

Is anyone actively owing the NFS labeling code? I'd like to bounce an
idea or two around before committing too much time to my ideas of
solutions.

 





More information about the Linux-security-module-archive mailing list