On Thu, May 27, 2010 at 01:14:44PM -0400, David P. Quigley wrote: > I've cleaned up the past meetings minutes and have posted them on my > selinuxproject.org webpage [0]. From now on I will be placing all > telecon minutes there hopefully within 48 hours of the meeting. > > Dave > > [0] http://www.selinuxproject.org/~dpquigl/telecon/
IMO posting the minutes to the WG list in addition to posting them at selinuxproject.org would be good because then the IETF itself would have them archived. Anyways, from the minutes: | Jarrett: I think we are running into a true interoperability problem. | Not all systems define the same namespaces for privileges. Indeed, but RPCSEC_GSSv3 doesn't need to be aware of all the complexity of various privilege systems. For example, there's no need for it to be aware of the Solaris L, P, E and I sets, nor oP/oE, nor anything about transitions. Similarly for Linux capabilities. Nor does RPCSEC_GSSv3 itself need to know about individual privileges -- that's an application problem. For NFSv4 we can probably (almost certainly, IMO) do a good job of defining privileges that make sense for NFSv4 and which can be mapped onto native privileges on the client and server. If need be we could define a privilege for every NFSv4 operation, and we could still map them to/from Solaris privs and Linux capabilities. Nico -- _______________________________________________ nfs-discuss mailing list [email protected]
