On Fri, 2009-04-03 at 19:31 +1100, James Morris wrote: > On Wed, 26 Nov 2008, David P. Quigley wrote: > > > diff --git a/include/linux/nfs4.h b/include/linux/nfs4.h > > index ea03667..144eacf 100644 > > --- a/include/linux/nfs4.h > > +++ b/include/linux/nfs4.h > > @@ -21,6 +21,7 @@ > > #define NFS4_FHSIZE 128 > > #define NFS4_MAXPATHLEN PATH_MAX > > #define NFS4_MAXNAMLEN NAME_MAX > > +#define NFS4_MAXLABELLEN 4096 > > I can't recall if this has been discussed before, but why is the label > length limited to this value? > > SELinux on-disk labels can be up to 64KB in size (XATTR_SIZE_MAX), and I'd > like to ensure that we don't end up with an unnecessary disk vs. network > label size incompatibility. > > While it seems unlikely that SELinux (and other forms of MAC) security > labels would currently exceed 4K, we don't know how SELinux might be > extended in the future, and should avoid limiting label flexibility > beyond existing constraints. > > > - James Also there is nothing in the specification that limits it to 4k. This is a specific implementation detail of the Linux prototype and can be changed at a later date if necessary without having to modify any documents. Dave -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
