On Mon, 2010-03-15 at 16:28 -0700, Casey Schaufler wrote:
> You're missing something. Privilege semantics are different. The
> behavior of unlinked files is different. Locking is different. You
> are correct that in most cases it does not matter. We're not talking
> about the common case, we're talking about using xattrs to store
> information that is used to make security decisions. It is quite
> difficult to make security claims when an object can be accessed
> under two different sets of semantics.

I'm sorry. Exactly _how_ are you going to prevent files from being
accessed under more than one set of semantics under NFS? You have _no_
idea what kind of security mechanisms are implemented on the client. All
you can do is export a given set of security labels and hope...

Trond