Trusted Extensions already includes this functionality, although the
implementation is not exactly what is being requested in this thread. In
the case of Trusted Extensions, the global zone administrator determines
which labeled zone directories may be exported via NFS. There is a unique
dfstab file for each labeled zone, but these files are not only visible
and managed from the global zone. When a zone is booted (or made ready)
its unique dfstab file is processed by the zoneadm daemon (in the
global zone) and the appropriate directories are shared. When the zone
is halted, the entries in the zone's dfstab are unshared.
The MLS policy is automatically enforced in the kernel. Remote NFS
clients must dominate the zone's label to do read-only mounts of the
labeled zone's exports. Label equality is required for remote read-write
mounts.
Although the implementation is probably adequate for current customers
moving from Trusted Solaris 8, it has several limitations. For example,
as Darren pointed out, secure NFS using Kerberos doesn't work well
because we don't yet have a multilevel KDC. Another issue is that the
labeled zone automounters can't use LOFS to mount directories exported
from other zones running on the same host as themselves. Using NFS to
mount a locally exported filesystem may cause a deadlock. There is a bug
recorded about this for UFS, but I don't know if it has been seen with
ZFS exports.
If you have specific issues about Trusted Extensions, you should use the
security-discuss forum instead of zone-discuss or nfs-discuss.
--Glenn
Josh Fisher wrote:
Our company is a current consumer of Trusted Solaris 8 and we will be
converting to Solaris 10 with TX. For the conversion to be final however we
must wait for the Common Criteria EAL4+ CAPP, RBAC, and LSPP release of Solaris
10 with TX. We are currently using Solaris 10 Update 3 for testing. In Trusted
Solaris 8 our data is separated into clearances which range from unclass to
Secret with compartments. Some of the classified data is shared out to other
classified systems. In Solaris 10 with TX we will separate our clearances with
labeled zones. This is our reason nfs server functionality is needed in zones
in Solaris 10 with TX. We will have classified data which only resides in a
labeled zone which will need to be shared out to other systems with the same
clearance. If any of this is confusing I will try to explain better if need be.
Thanks.
This message posted from opensolaris.org
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
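
The mount rule stated in the reply above (a client label that dominates the zone's label may mount read-only, and label equality is required for read-write) can be modelled as below. This is an added illustration, not Trusted Extensions code and not from either poster; the level ordering, compartment names and function names are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed ordering of classifications; a real system defines its own labels.
LEVELS = {"UNCLASS": 0, "CONFIDENTIAL": 1, "SECRET": 2}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()


def dominates(a: Label, b: Label) -> bool:
    """a dominates b when a's level is at least b's and a holds all of b's compartments."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.compartments >= b.compartments


def mount_allowed(client: Label, zone: Label, mode: str) -> bool:
    """Read-only needs dominance; read-write needs label equality."""
    if mode == "ro":
        return dominates(client, zone)
    if mode == "rw":
        return client == zone
    raise ValueError(f"unknown mount mode: {mode!r}")


def evaluate_samples() -> dict:
    """Evaluate constructed client labels against one constructed zone label."""
    zone = Label("SECRET", frozenset({"ALPHA"}))
    clients = {
        "same-label": Label("SECRET", frozenset({"ALPHA"})),
        "superset": Label("SECRET", frozenset({"ALPHA", "BRAVO"})),
        "other-compartment": Label("SECRET", frozenset({"BRAVO"})),  # incomparable
        "no-compartment": Label("SECRET"),
        "lower-level": Label("UNCLASS"),
    }
    return {
        name: (mount_allowed(c, zone, "ro"), mount_allowed(c, zone, "rw"))
        for name, c in clients.items()
    }


if __name__ == "__main__":
    for name, (ro, rw) in evaluate_samples().items():
        print(f"{name:18s} ro={ro!s:5s} rw={rw}")
```

Dominance is a partial order, so two labels at the same level with different compartments are incomparable and neither may mount the other's export.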