lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Jul 2010 10:31:21 -0400 From: "David P. Quigley" <dpquigl@...ho.nsa.gov> To: hch@...radead.org, viro@...iv.linux.org.uk, casey@...aufler-ca.com, sds@...ho.nsa.gov, matthew.dodd@...rta.com, trond.myklebust@....uio.no, bfields@...ldses.org Cc: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov, linux-nfs@...r.kernel.org, "David P. Quigley" <dpquigl@...ho.nsa.gov>, "Matthew N. Dodd" <Matthew.Dodd@...rta.com> Subject: [PATCH 05/10] KConfig: Add KConfig entries for Labeled NFS This patch adds two entries into the fs/KConfig file. The first entry NFS_V4_SECURITY_LABEL enables security label support for the NFSv4 client while the second entry NFSD_V4_SECURITY_LABEL enables security labeling support on the server side. Signed-off-by: Matthew N. Dodd <Matthew.Dodd@...rta.com> Signed-off-by: David P. Quigley <dpquigl@...ho.nsa.gov> --- fs/nfs/Kconfig | 16 ++++++++++++++++ fs/nfsd/Kconfig | 13 +++++++++++++ 2 files changed, 29 insertions(+), 0 deletions(-) diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig index a43d07e..67b158c 100644 --- a/fs/nfs/Kconfig +++ b/fs/nfs/Kconfig @@ -83,6 +83,22 @@ config NFS_V4_1 Unless you're an NFS developer, say N. +config NFS_V4_SECURITY_LABEL + bool "Provide Security Label support for NFSv4 client" + depends on NFS_V4 && SECURITY + help + + Say Y here if you want enable fine-grained security label attribute + support for NFS version 4. Security labels allow security modules like + SELinux and Smack to label files to facilitate enforcement of their policies. + Without this an NFSv4 mount will have the same label on each file. + + If you do not wish to enable fine-grained security labels SELinux or + Smack policies on NFSv4 files, say N. + + + If unsure, say N. + config ROOT_NFS bool "Root file system on NFS" depends on NFS_FS=y && IP_PNP diff --git a/fs/nfsd/Kconfig b/fs/nfsd/Kconfig index 503b9da..3a282f8 100644 --- a/fs/nfsd/Kconfig +++ b/fs/nfsd/Kconfig @@ -79,3 +79,16 @@ config NFSD_V4 available from http://linux-nfs.org/. If unsure, say N. + +config NFSD_V4_SECURITY_LABEL + bool "Provide Security Label support for NFSv4 server" + depends on NFSD_V4 && SECURITY + help + + Say Y here if you want enable fine-grained security label attribute + support for NFS version 4. Security labels allow security modules like + SELinux and Smack to label files to facilitate enforcement of their policies. + Without this an NFSv4 mount will have the same label on each file. + + If you do not wish to enable fine-grained security labels SELinux or + Smack policies on NFSv4 files, say N. -- 1.6.2.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists