RE: [PATCH 13/14] NFSD: Server implementation of MAC Labeling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 04/02/2013 09:01, Vu, Joseph wrote:

Thank you David.
It is good that the community at least support some short term solution. 
Labeled NFS has been working hard to get the community acceptance.

Thanks.


-----Original Message-----
From: David Quigley [mailto:dpquigl@xxxxxxxxxxxxxxx]
Sent: Monday, April 01, 2013 10:55 AM
To: Vu, Joseph
Cc: Casey Schaufler; J. Bruce Fields; Steve Dickson; Trond Myklebust;
J. Bruce Fields; David P. Quigley; Linux NFS list; Linux Security
List; SELinux List
Subject: RE: [PATCH 13/14] NFSD: Server implementation of MAC Labeling 

On 04/01/2013 08:54, Vu, Joseph wrote:


What is a good, and working alternative for NFS in term of SE label?


There isn't any unless you want to start a labeled cifs project. We
looked at CIFS and NFSv4 back when I started this project and from
what we saw NFS had the more open community. There are other solutions 
but they are not ideal. I believe someone did SELinux labels on
network attached storage by treating the NAS as an iSCSI device. This
isn't ideal because it has concurrency issues. Someone proposed xattr
for
NFSv4/NFSv3 support and that was shot down as well (and for good
reason). I don't share Casey's skepticism about the long term
importance of NFS. I think with NFSv4 and all the work that has gone
into it we'll see NFS being important in Linux and enterprises for a
very long time to come.
I don't consider this a short term solution. Labeled NFS is a long term solution with short term milestones that get us something working fairly quickly and I mean fairly quickly in IETF terms (about 5 years). I don't buy Casey's assessment that network file-system protocols are old school and on the way out. A number of storage vendors are doing lots of real work into new versions of NFS and CIFS and they are major technologies in enterprise storage. To be honest I can't even figure out what sort of "long term" solutions Casey is talking about. It looks like he strung together a bunch a buzz words together into some vague ephemeral concept. Typing his idea of future storage into Google doesn't really come up with anything substantive either. 
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux