Developer Summit 2009/Abstracts/Quigley Labeled NFS

From SELinux Wiki
Revision as of 09:00, 2 July 2009 by JamesMorris (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Dave Quigley


State of Labeled NFS Effort


As the use of SELinux expands in Enterprise environments customers are requesting the ability to use SELinux with their NFS based network storage. The labeled-nfs project seeks to extend the NFSv4 protocol to provide a generic mechanism for conveying process and file MAC security attribute information for use by security mechanisms employed on the client and server.

This talk explores the design and implementation for the labeled-nfs effort. We discuss why certain design decisions were made and what impact they have on the implementation of NFS in the Linux kernel and NFS userland infrastructure. Finally we discuss how parts of the labeled-nfs infrastructure can be used in other remote file systems.