Security labeling in NFS4 - who owns it?
Paul Moore
paul at paul-moore.com
Thu Aug 1 22:02:32 UTC 2019
On Thu, Aug 1, 2019 at 3:39 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> As part of my work on LSM stacking I've encountered some issues with
> the Linux implementation of NFS4 security labels. For example, the LFS
> data is ignored, so even if the client and server are willing to identify
> the kind of information they are passing, the identity information isn't
> available. The code asks if attributes requested are mandatory access
> control attributes, but cannot differentiate between which of the possible
> security attribute the other end is providing.
>
> Is anyone actively owing the NFS labeling code? I'd like to bounce an
> idea or two around before committing too much time to my ideas of
> solutions.
I guess it all depends on what you mean by "own". Historically it has
been a mix of the NFS and SELinux folks that have worked on it and
contributed patches, with code sprinkled between the two subsystems
(and possibly elsewhere too).
I suspect a better question would be: who should you work with to
discuss issues the labeled NFS code? I don't want to assume too much,
but I think you know the answer to that one already ;)
--
paul moore
www.paul-moore.com
More information about the Linux-security-module-archive
mailing list