Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp744840pxb; Thu, 5 Nov 2020 11:49:13 -0800 (PST) X-Google-Smtp-Source: ABdhPJwRBZTfY62P8/Qzu7qm0Ay/610fO1XjQegzWyviVV51OWU7r5SKVkbPts05QyauYjZ594fW X-Received: by 2002:a17:906:416:: with SMTP id d22mr3058743eja.31.1604605753479; Thu, 05 Nov 2020 11:49:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604605753; cv=none; d=google.com; s=arc-20160816; b=0ECwHJ20gZvE7miEBLQNRPH4HIW2xaz/60fX4XDL/CCKjK023fwSjnR1Tf37iInq4P 7DQ4+2aLmcoRdZBL2NkjH+kGRGUtveh97zkCgdm6UH2wVOfCho77M94ndlLmeBLa3qVo NKy54q6lMtS7mH5QRj6Gg0oTdw/bBfUbx5Bhs1ETGUOc3VwP5u9PJVkC1C3j7+KQjWsG BQDuXU6tr8UOUTvm7fIIH+45uGqQUFVqbz2Y4mE24gNNO2+xAS8GdyCze+MKeF9fn3/y D7aV7wBD6/0l9CgYSGpsHvjkIzYEl4pZjcxETQfShfBCbhuQi2VHET3J2XGZHNRSEBrR nHAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:mime-version :dkim-signature; bh=XFof7o1OM4kH7v1f5BsZDNPjpMLcZri8eUFtQtquN2w=; b=FZpLSVrRQzgL40JUX75kZua5nUvW2OyL4SzscjrPFmqLtsK6vHwIRocZinNuo+LZe+ cQJVGJSV4aAWDNhSG0T0xqZbc30FKZ5+MmarZLxo7bI0Jt+5Zg0MBMyNtffNr7laiq6A lr2E8Sy/ZNT5pAZGE1wtrX67E9Ps0SzT+7MSv66oHkX0ATjZT8a42Brww+U6wQXbY09J 1JvmhkAWKjV19L62t3PGZP4iH6GxFylkeOu6VQCSgFQQ91blYVUkInK4X7QcE6YkodV6 p240/Q9sDp5KwOs2e/Em2sisa80dF1qwrOx7GOxaUDHAOAGy5SG7ppbYpJw6s4HwMx2i ZZ3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@umich.edu header.s=google-2016-06-03 header.b=WUSWqu+j; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umich.edu Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i14si2004832edl.282.2020.11.05.11.48.48; Thu, 05 Nov 2020 11:49:13 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@umich.edu header.s=google-2016-06-03 header.b=WUSWqu+j; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umich.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731149AbgKETrz (ORCPT + 99 others); Thu, 5 Nov 2020 14:47:55 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38208 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726729AbgKETrz (ORCPT ); Thu, 5 Nov 2020 14:47:55 -0500 Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C14AEC0613CF for ; Thu, 5 Nov 2020 11:47:54 -0800 (PST) Received: by mail-ej1-x62e.google.com with SMTP id o9so4425469ejg.1 for ; Thu, 05 Nov 2020 11:47:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umich.edu; s=google-2016-06-03; h=mime-version:from:date:message-id:subject:to:cc; bh=XFof7o1OM4kH7v1f5BsZDNPjpMLcZri8eUFtQtquN2w=; b=WUSWqu+jFp3ebv9fYd4CX24bZLGmu1sWr0cTwHSYfuv+OoYCL0oSVxcEh2dreRVRIJ TfjcJwuM1JGlzyIjh/sAO2CT7j7sC7uD4q3GYAQXwXOQyKv8mLQLhlqR+/uKiuiw4vLV WlEtT9d6P8ZRkPmW6LNs8xNxjfLG4Q6YaXG+X8ot8UM0XhfMcF0UmBslKDIO52prxJqm 1mCqyzsSApIpd65ToOB1Py2K3gx7dyZ+WPkTH9Zt5Ub0r42vtDXSAC8b3T72wmLuhpeH rdlzQQD5zIAYz+nv+dZDWzZih2FkqRIvShynqzO8otEQ04rHIxrfLYEt7hRtGN/7u+Rm MlWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=XFof7o1OM4kH7v1f5BsZDNPjpMLcZri8eUFtQtquN2w=; b=LPcN3SEd3VtwuG/2YlT3Voo6sz1MtTHCFRMfo3RUqzK10NaIYbO8LfB6I7A69HFQQv 9xzBdC9YeW1k5O+Swvp9E+2bk3ueahkGUwTWEZLNIb9qVzvevsFsDLSDH27FwBdzWY5X tS2i+vjq1a2/apr7F4fz4NR2heFHCc2HJwQT+anN3rVuYyC87OqO/+cJGAay+pkFs662 /CRVfQE3i8csC2Te9gNfxA45YYdIb0Gu/8w2XL7ajOzFCCCZag4vB936YYNvv+Xm1a7P ZYuJDkndYv9fjjE0wTKNsMYhpvCZ+6U9hf+lwWJdhKxig7Hjl273pGtZXO2UC5PTAimx c12w== X-Gm-Message-State: AOAM533tDJ+iSnJjd/f3ESNshyWfUFphNwP59n6uY2RmXOH1BcEtuORK OI5SRRmNGYilLG3DWetVbaP4C1AXe6Oehp0g74c= X-Received: by 2002:a17:906:3899:: with SMTP id q25mr4176528ejd.0.1604605672322; Thu, 05 Nov 2020 11:47:52 -0800 (PST) MIME-Version: 1.0 From: Olga Kornievskaia Date: Thu, 5 Nov 2020 14:47:41 -0500 Message-ID: Subject: question about labeled NFS+rfc7569+selinux To: NFSv4 Cc: linux-nfs , earsh@netapp.com Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Hi folks, I would like to know if somebody can comment on the following regarding labeled NFS. RFC 7569 talks about Label formats and specifically lists that "0" is a reserved value. Using labeled NFS with SElinux and looking at labels (in wireshark), the selinux sends sends/sets label format as 0 (ie. this is a reserved value according to the spec) So we have labelformat_spec4 set to 0 where the spec says this field "The LFS and the Security Label Format Selection Registry are described in detail in [RFC7569]". It's unlikely that "0" reserved for Selinux and not explicitly specified there? 0 seems to be a good choice for using as a default label which the RFC7862 vaguely talks about (though says nothing about the format for a default label). I'm not aware if Selinux is supposed to follow a spec and therefore I don't think it is obligated to follow the rules of RFC 7569. Anybody can comment how labeled NFS label format and SElinux label format choice are supposed to co-exist? Thank you.