On 11/14/2012 08:59, J. Bruce Fields wrote:
On Wed, Nov 14, 2012 at 08:50:17AM -0500, David Quigley wrote:
On 11/14/2012 08:45, J. Bruce Fields wrote:
>On Tue, Nov 13, 2012 at 11:32:53PM -0500, Dave Quigley wrote:
>>Ok so if you go to http://www.selinuxproject.org/git you will see
a
>>repo for lnfs and lnfs-patchset. The instructions at
>>http://www.selinuxproject.org/page/Labeled_NFS give you a better
>>indication on how to pull the trees. I've attached a patch for NFS
>>utils which gives support for security_label/nosecurity_label in
>>your /etc/exports file.
>
>Do we need an export option? Is there any reason not to make the
>feature available whenever there's support available for it?
I guess we could build it in but I figured an export option allowed
someone to turn off security labeling support if they didn't want it
on that export. What happens to clients when the server returns a
cap that they don't support? Do they mask the bits out?
Yeah, they should just ignore it.
While this is still experimental it's still nice to have a way to
turn
this on and off at runtime so people can experiment without having to
have it on for everyone all the time. But
nfsd_supported_minorversion
should be sufficient for that.
(I don't think your patches actually dealt yet with the fact that
this
is part of minor version 2? Another for the todo list.)
--b.
Hmm... I'll have to look at the patches again to find out. Its been so
long since I worked on these full time that I have to go back and check
quite a bit. Luckily since i put the tree up for Trond last night I
should be able to look at them while at work.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
