login
Login / Register
Header Space

 
 

Home » Mailing list archives » linux-fsdevel » 2008 » February » 29

Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: James Morris <jmorris@...>
To: Casey Schaufler <casey@...>
Cc: Dave Quigley <dpquigl@...>, Christoph Hellwig <hch@...>, Stephen Smalley <sds@...>, <viro@...>, <trond.myklebust@...>, <bfields@...>, <linux-kernel@...>, <linux-fsdevel@...>, LSM List <linux-security-module@...>
Subject: Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name
Date: Thursday, February 28, 2008 - 10:15 pm

On Thu, 28 Feb 2008, Casey Schaufler wrote:


An xattr protocol is overkill for conveying a MAC label over the network, 
and would still not provide the required semantics.

Please see prior discussion on this e.g.

http://marc.info/?l=linux-kernel&m=120424789929258&w=2

Note that RAs are already used to convey ACLs and all other system-managed 
metatdata.  i.e. an extensible, appropriate infrastructure already exists 
in the NFSv4 protocol, and has been used successfully for similar 
purposes.  We do not need to add a new, generalized protocol to NFSv4 
for this, especially one which does not meet the requirements.




- James
-- 
James Morris
<jmorris@namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
RFC Labeled NFS Initial Code Review, David P. Quigley, (Wed Feb 27, 6:11 pm)
Re: RFC Labeled NFS Initial Code Review, Dave Quigley, (Wed Feb 27, 9:23 pm)
Re: RFC Labeled NFS Initial Code Review, Dave Quigley, (Wed Feb 27, 8:48 pm)
[PATCH 08/11] NFS: Introduce lifecycle management for label ..., David P. Quigley, (Wed Feb 27, 6:11 pm)
Re: [PATCH 08/11] NFS: Introduce lifecycle management for la..., Dave Quigley, (Thu Feb 28, 12:46 pm)
Re: [PATCH 08/11] NFS: Introduce lifecycle management for la..., James Morris, (Thu Feb 28, 12:13 am)
Re: [PATCH 08/11] NFS: Introduce lifecycle management for la..., Dave Quigley, (Thu Feb 28, 12:24 pm)
[PATCH 07/11] NFS/SELinux: Add security_label text mount opt..., David P. Quigley, (Wed Feb 27, 6:11 pm)
Re: [PATCH 07/11] NFS/SELinux: Add security_label text mount..., Eric Paris, (Thu Feb 28, 10:22 am)
[PATCH 06/11] SELinux: Add new labeling type native labels, David P. Quigley, (Wed Feb 27, 6:11 pm)
[PATCH 05/11] NFSv4: Add label recommended attribute and NFS..., David P. Quigley, (Wed Feb 27, 6:11 pm)
Re: [PATCH 05/11] NFSv4: Add label recommended attribute and..., James Morris, (Wed Feb 27, 9:52 pm)
Re: [PATCH 05/11] NFSv4: Add label recommended attribute and..., Stephen Smalley, (Thu Feb 28, 9:55 am)
Re: [PATCH 05/11] NFSv4: Add label recommended attribute and..., Dave Quigley, (Wed Feb 27, 9:45 pm)
[PATCH 04/11] KConfig: Add KConfig entries for SELinux label..., David P. Quigley, (Wed Feb 27, 6:11 pm)
[PATCH 03/11] VFS: Add security label support to *notify, David P. Quigley, (Wed Feb 27, 6:11 pm)
Re: [PATCH 03/11] VFS: Add security label support to *notify, Christoph Hellwig, (Thu Feb 28, 7:54 pm)
Re: [PATCH 03/11] VFS: Add security label support to *notify, Dave Quigley, (Thu Feb 28, 7:44 pm)
Re: [PATCH 03/11] VFS: Add security label support to *notify, Christoph Hellwig, (Thu Feb 28, 8:23 pm)
Re: [PATCH 03/11] VFS: Add security label support to *notify, Dave Quigley, (Fri Feb 29, 4:19 pm)
Re: [PATCH 03/11] VFS: Add security label support to *notify, Dave Quigley, (Thu Feb 28, 9:52 pm)
Re: [PATCH 03/11] VFS: Add security label support to *notify, Dave Quigley, (Thu Feb 28, 8:06 pm)
Re: [PATCH 03/11] VFS: Add security label support to *notify, James Morris, (Wed Feb 27, 9:20 pm)
Re: [PATCH 03/11] VFS: Add security label support to *notify, Dave Quigley, (Thu Feb 28, 12:07 pm)
[PATCH 02/11] Security: Add hook to calculate context based ..., David P. Quigley, (Wed Feb 27, 6:11 pm)
[PATCH 01/11] Security: Add hook to get full maclabel xattr ..., David P. Quigley, (Wed Feb 27, 6:11 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Dave Quigley, (Fri Feb 29, 5:50 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Wed Feb 27, 7:42 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Dave Quigley, (Wed Feb 27, 8:12 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Wed Feb 27, 9:07 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Stephen Smalley, (Thu Feb 28, 9:43 am)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Thu Feb 28, 3:23 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Stephen Smalley, (Thu Feb 28, 3:30 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Christoph Hellwig, (Thu Feb 28, 7:48 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Stephen Smalley, (Fri Feb 29, 9:31 am)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Fri Feb 29, 1:52 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Dave Quigley, (Thu Feb 28, 8:04 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., James Morris, (Thu Feb 28, 9:15 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Thu Feb 28, 9:04 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Dave Quigley, (Thu Feb 28, 8:52 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Thu Feb 28, 10:29 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Dave Quigley, (Thu Feb 28, 10:09 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Christoph Hellwig, (Thu Feb 28, 8:39 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Dave Quigley, (Thu Feb 28, 8:32 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Thu Feb 28, 9:47 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., James Morris, (Thu Feb 28, 10:15 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Dave Quigley, (Thu Feb 28, 9:33 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Christoph Hellwig, (Thu Feb 28, 9:00 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Stephen Smalley, (Fri Feb 29, 9:30 am)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Stephen Smalley, (Fri Feb 29, 10:45 am)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Dave Quigley, (Thu Feb 28, 8:42 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Thu Feb 28, 10:07 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Dave Quigley, (Thu Feb 28, 9:48 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Trond Myklebust, (Thu Feb 28, 8:50 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Thu Feb 28, 9:26 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Trond Myklebust, (Fri Feb 29, 1:01 am)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Fri Feb 29, 1:26 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Christoph Hellwig, (Thu Feb 28, 8:51 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Trond Myklebust, (Thu Feb 28, 9:00 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Thu Feb 28, 9:55 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Trond Myklebust, (Fri Feb 29, 1:04 am)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Fri Feb 29, 1:46 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Trond Myklebust, (Fri Feb 29, 2:28 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Fri Feb 29, 2:52 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Trond Myklebust, (Fri Feb 29, 3:50 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Fri Feb 29, 5:07 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Trond Myklebust, (Fri Feb 29, 8:09 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Fri Feb 29, 8:41 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Dave Quigley, (Fri Feb 29, 5:00 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Fri Feb 29, 6:27 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Dave Quigley, (Fri Feb 29, 6:15 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Fri Feb 29, 6:58 pm)
Re: [PATCH 01/11] Security: Add hook to get full maclabel xa..., Casey Schaufler, (Thu Feb 28, 3:59 pm)
[PATCH 11/11] NFSD: Server implementation of MAC Labeling, David P. Quigley, (Wed Feb 27, 6:11 pm)
Re: [PATCH 11/11] NFSD: Server implementation of MAC Labeling, James Morris, (Wed Feb 27, 9:46 pm)
[PATCH 10/11] NFS: Extend nfs xattr handlers to accept the s..., David P. Quigley, (Wed Feb 27, 6:11 pm)
[PATCH 09/11] NFS: Client implementation of Labeled-NFS, David P. Quigley, (Wed Feb 27, 6:11 pm)

Mail archive search
Enter your search terms.
Optionally limit your search to a specific mailing list.
advanced
Colocation donated by:
Who's online
There are currently 4 users and 1338 guests online.

Online users

Syndicate
Syndicate content
© 2007 KernelTrap.  |  Powered by Drupal.  |  Legal statement.
speck-geostationary