On Thu, Aug 1, 2019 at 3:39 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> As part of my work on LSM stacking I've encountered some issues with
> the Linux implementation of NFS4 security labels. For example, the LFS
> data is ignored, so even if the client and server are willing to identify
> the kind of information they are passing, the identity information isn't
> available. The code asks if attributes requested are mandatory access
> control attributes, but cannot differentiate between which of the possible
> security attributes the other end is providing.
>
> Is anyone actively owning the NFS labeling code? I'd like to bounce an
> idea or two around before committing too much time to my ideas of
> solutions.

I guess it all depends on what you mean by "own". Historically it has been a mix of the NFS and SELinux folks that have worked on it and contributed patches, with code sprinkled between the two subsystems (and possibly elsewhere too).

I suspect a better question would be: who should you work with to discuss issues with the labeled NFS code? I don't want to assume too much, but I think you know the answer to that one already ;)

--
paul moore
www.paul-moore.com