Re: Labeled NFS [v5]

On Fri, Nov 30, 2012 at 08:50:55AM -0500, Stephen Smalley wrote:
> On the SELinux side, we don't require CAP_MAC_ADMIN to set the
> SELinux attribute on a file in the normal case, only when the
> SELinux attribute is not known to the security policy yet.  So
> granting CAP_MAC_ADMIN there means that a client will be able to set
> security contexts on files that are unknown to the server.  I guess
> that might even be desirable in some instances where client and
> server policy are different.

Note (as you probably know) this first pass at labeled NFS only lets us
label files, not rpc calls--if we want the server to know who's doing
something (beyond the information the rpc headers already carry), we'll
need to implement rpcsec_gss v3, and that's a project for another day.

I've been assuming that makes server-side enforcement less useful for
now.

--b.