On Tue, 19 Feb 2008, Christoph Hellwig wrote:

quoted text
> Please don't introduce a special case for just nfs.  All filesystems
> should control their mount options, so please provide some library
> helpers for context= handling and move it into all filesystems that
> can support selinux.

It's not so much a special case for NFS, just that NFS happens to use 
binary mount options.  So, I guess it could be put into a library for 
other potential filesystems with binary mount options.

To clarify:

The SELinux options are indeed filesystem independent, and the FS should 
really not need to be concerned at all with them.  For everything except 
NFS, we parse text options looking for context=, then use that value from 
within SELinux as the label for all files in the mount.

Previously, as Eric mentions, we were using a method initially approved by 
the NFS folk, where, for NFS, SELinux was peeking around inside the binary 
options.  We were then asked to change that so that NFS (or other 
binary-option FS) would obtain the values itself and call into LSM with 
them.  This is what Eric's latest patch enables (a previous patch 
installed the infrastructure for it).

While this code could be put into a library if desired, there is no need 
to make any changes for filesystems with text options (i.e. the general 
case).



- James
-- 
James Morris
<jmorris@namei.org>
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html