Difference between revisions of "Developer Summit 2009/Abstracts/Quigley Labeled NFS"
JamesMorris (Talk | contribs) (New page: == Author == Dave Quigley == Topic == State of Labeled NFS Effort == Abstract == As the use of SELinux expands in Enterprise environments customers are requesting the ability to use S...) |
(No difference)
|
Revision as of 09:00, 2 July 2009
Author
Dave Quigley
Topic
State of Labeled NFS Effort
Abstract
As the use of SELinux expands in Enterprise environments customers are requesting the ability to use SELinux with their NFS based network storage. The labeled-nfs project seeks to extend the NFSv4 protocol to provide a generic mechanism for conveying process and file MAC security attribute information for use by security mechanisms employed on the client and server.
This talk explores the design and implementation for the labeled-nfs effort. We discuss why certain design decisions were made and what impact they have on the implementation of NFS in the Linux kernel and NFS userland infrastructure. Finally we discuss how parts of the labeled-nfs infrastructure can be used in other remote file systems.