On Wed, Nov 14, 2012 at 09:04:18AM -0500, David Quigley wrote: > On 11/14/2012 08:59, J. Bruce Fields wrote: > >On Wed, Nov 14, 2012 at 08:50:17AM -0500, David Quigley wrote: > >>On 11/14/2012 08:45, J. Bruce Fields wrote: > >>>On Tue, Nov 13, 2012 at 11:32:53PM -0500, Dave Quigley wrote: > >>>>Ok so if you go to http://www.selinuxproject.org/git you will > >>see a > >>>>repo for lnfs and lnfs-patchset. The instructions at > >>>>http://www.selinuxproject.org/page/Labeled_NFS give you a better > >>>>indication on how to pull the trees. I've attached a patch for NFS > >>>>utils which gives support for security_label/nosecurity_label in > >>>>your /etc/exports file. > >>> > >>>Do we need an export option? Is there any reason not to make the > >>>feature available whenever there's support available for it? > >> > >>I guess we could build it in but I figured an export option allowed > >>someone to turn off security labeling support if they didn't want it > >>on that export. What happens to clients when the server returns a > >>cap that they don't support? Do they mask the bits out? > > > >Yeah, they should just ignore it. > > > >While this is still experimental it's still nice to have a way to > >turn > >this on and off at runtime so people can experiment without having to > >have it on for everyone all the time. But > >nfsd_supported_minorversion > >should be sufficient for that. > > > >(I don't think your patches actually dealt yet with the fact that > >this > >is part of minor version 2? Another for the todo list.) > > > >--b. > > If we use nfsd_supported_minorversion which I'm guessing is an > export option That's just a variable in the code. It's controlled by /proc/fs/nfsd/versions. > what happens if someone wants to use other 4.2 > features but not labeling? We'll cross that bridge when we come to it, maybe by adding some new global paramater. There's no reason this really needs to be per-export, is there? --b. > I'll switch it over if you guys want it > done that way, I think though that this provides more flexibility. > Although anything that makes me carry around fewer patches is good > in my book. > > Dave -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
