This patch set is the first submission to fs-devel and lkml for the purpose of code review. To test the patch set you need patches to nfs-utils as well. Since this is just a code review I haven't posted the patch to nfs-utils however if you want to test the code feel free to e-mail me and I will send you the necessary patch. Out of all of the functionality we have prototyped I have narrowed it down to these items which I believe is the solid base for initial kernel inclusion. These patches provide the mechanism to allow the server to provide security labels to the client and a method for the client to change labels on the server. The next revision of this patch set will allow for the client's subject (process) label to be transmitted with the access requests so the server can also make access decisions against the acting local policy. This part of the patch set will be made substantially cleaner by the credentials patches proposed by David Howells. Known Issues: Eventually stronger notification of security label changes will be added. For now this is accomplished by using NFS's normal cache invalidation (timeout). When acting as root on a root_squashed export changing the label on a file manages to set the label locally in the NFS inode but doesn't set it on the exported file system. In this case the fault is the server is returning OK for the setattr option instead of EPERM. This will be fixed in the next version. - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html