Re: [PATCH 07/11] NFS/SELinux: Add security_label text mount option to nfs and add handling code to the security server.

From: Eric Paris
Date: Thu Feb 28 2008 - 09:23:37 EST


On 2/27/08, David P. Quigley <dpquigl@xxxxxxxxxxxxx> wrote:
> The new method for pulling argument for NFS from mount is through a text
> parsing system. This patch adds two new entries to the argument parsing code
> "securlty_label" and "nosecurity_label". Even though we use text across the
> user/kernel boundary internally we still pack a binary structure for mount info
> to be passed around. We add a flag for use in the nfs{4,}_mount_data struct to
> indicate that are using security labels. Finally we add the SELinux support to
> mark the labeling method as native.

I've got patches that noone has seen because I haven't posted them yet
(my test box crashed yesterday and I didn't have time to make sure it
wasn't my new patches) you are going to need to rebase this against.
Adding more nfs'isms to selinux code isn't a good thing in the long
run. But, does this even really work? I thought both NFS and NFSv4
were actually passing around struct nfs_parsed_mount_data now rather
than just nfs_mount_data. Maybe not, but this patch, although fine
for testing isn't fine to go in. I'll get you and the list my new
option interfaces on monday so we can get NFS out of all of the LSMs
and get SELinux out of NFS.

-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/