lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7e0fb38c0802280622o75a474deg38157ff6aace16b@mail.gmail.com>
Date:	Thu, 28 Feb 2008 09:22:50 -0500
From:	"Eric Paris" <eparis@...isplace.org>
To:	"David P. Quigley" <dpquigl@...ho.nsa.gov>
Cc:	hch@...radead.org, viro@....linux.org.uk,
	trond.myklebust@....uio.no, bfields@...ldses.org,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH 07/11] NFS/SELinux: Add security_label text mount option to nfs and add handling code to the security server.

On 2/27/08, David P. Quigley <dpquigl@...ho.nsa.gov> wrote:
> The new method for pulling argument for NFS from mount is through a text
>  parsing system. This patch adds two new entries to the argument parsing code
>  "securlty_label" and "nosecurity_label". Even though we use text across the
>  user/kernel boundary internally we still pack a binary structure for mount info
>  to be passed around. We add a flag for use in the nfs{4,}_mount_data struct to
>  indicate that are using security labels. Finally we add the SELinux support to
>  mark the labeling method as native.

I've got patches that noone has seen because I haven't posted them yet
(my test box crashed yesterday and I didn't have time to make sure it
wasn't my new patches) you are going to need to rebase this against.
Adding more nfs'isms to selinux code isn't a good thing in the long
run.  But, does this even really work?  I thought both NFS and NFSv4
were actually passing around struct nfs_parsed_mount_data now rather
than just nfs_mount_data.  Maybe not, but this patch, although fine
for testing isn't fine to go in.  I'll get you and the list my new
option interfaces on monday so we can get NFS out of all of the LSMs
and get SELinux out of NFS.

-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ