MCS article
James Morris
jmorris at namei.org
Thu Jan 19 19:48:24 UTC 2006
On Thu, 19 Jan 2006, Rudi Chiarito wrote:
> On Thu, Jan 19, 2006 at 10:56:53AM -0500, James Morris wrote:
> > "Getting Started with Multi-Category Security (MCS)"
> > http://james-morris.livejournal.com/8228.html
> > Feedback, suggestions etc. welcome.
>
> My burning question would be: is any of that supported by any of the
> network filesystems yet? If not, who might get there first?
NFS support is some way off. For NFSv4, the protocol needs to be modified
to include support for Linux/BSD xattrs, as the named attributes in the
spec are designed for Solaris xattrs, which are really subfiles.
I'm not sure if the old NFSv3 code from the NSA would be acceptable
upstream as it's non-standard, although I'm not sure if anyone has really
looked into this issue with upstream folk.
Adding MCS support to Samba, however, seems potentially simpler, in that
the server runs in userspace, and that the protocol may not need to be
modified (for just MCS).
- James
--
James Morris
<jmorris at namei.org>
More information about the fedora-selinux-list
mailing list