On Tue, 19 Feb 2008, Christoph Hellwig wrote: > Please don't introduce a special case for just nfs. All filesystems > should control their mount options, so please provide some library > helpers for context= handling and move it into all filesystems that > can support selinux.
It's not so much a special case for NFS, just that NFS happens to use binary mount options. So, I guess it could be put into a library for other potential filesystems with binary mount options. To clarify: The SELinux options are indeed filesystem independent, and the FS should really not need to be concerned at all with them. For everything except NFS, we parse text options looking for context=, then use that value from within SELinux as the label for all files in the mount. Previously, as Eric mentions, we were using a method initially approved by the NFS folk, where, for NFS, SELinux was peeking around inside the binary options. We were then asked to change that so that NFS (or other binary-option FS) would obtain the values itself and call into LSM with them. This is what Eric's latest patch enables (a previous patch installed the infrastructure for it). While this code could be put into a library if desired, there is no need to make any changes for filesystems with text options (i.e. the general case). - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
