Return-Path: linux-nfs-owner@vger.kernel.org Received: from countercultured.net ([209.51.175.25]:37824 "HELO countercultured.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1752923Ab3AXEE0 (ORCPT ); Wed, 23 Jan 2013 23:04:26 -0500 Message-ID: <5100B140.6020505@davequigley.com> Date: Wed, 23 Jan 2013 22:57:52 -0500 From: Dave Quigley MIME-Version: 1.0 To: "Myklebust, Trond" CC: Steve Dickson , "J. Bruce Fields" , Linux NFS Mailing list , Stephen Smalley , eparis@redhat.com, jmorris@namei.org Subject: Re: [PATCH 04/14] SELinux: Add new labeling type native labels References: <1358862042-27520-1-git-send-email-steved@redhat.com> <1358862042-27520-5-git-send-email-steved@redhat.com> <4FA345DA4F4AE44899BD2B03EEEC2FA9183324B1@sacexcmbx05-prd.hq.netapp.com> In-Reply-To: <4FA345DA4F4AE44899BD2B03EEEC2FA9183324B1@sacexcmbx05-prd.hq.netapp.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Sender: linux-nfs-owner@vger.kernel.org List-ID: On 1/23/2013 1:36 PM, Myklebust, Trond wrote: > On Tue, 2013-01-22 at 08:40 -0500, Steve Dickson wrote: >> From: David Quigley >> >> There currently doesn't exist a labeling type that is adequate for use with >> labeled NFS. Since NFS doesn't really support xattrs we can't use the use xattr >> labeling behavior. For this we developed a new labeling type. The native >> labeling type is used solely by NFS to ensure NFS inodes are labeled at runtime >> by the NFS code instead of relying on the SELinux security server on the client >> end. >> >> Signed-off-by: Matthew N. Dodd >> Signed-off-by: Miguel Rodel Felipe >> Signed-off-by: Phua Eu Gene >> Signed-off-by: Khin Mi Mi Aung >> --- >> include/linux/security.h | 3 +++ >> security/selinux/hooks.c | 35 ++++++++++++++++++++++++++--------- >> security/selinux/include/security.h | 2 ++ >> security/selinux/ss/policydb.c | 5 ++++- >> 4 files changed, 35 insertions(+), 10 deletions(-) > > ...OK. You get the drift... :-) > Adding James Morris, Steve Smalley, and Eric Paris for an ACK. These patches have been reviewed on the security list many times in the past and we're just now trying to get them mainlined again. All past comments were addressed in them.