Difference between revisions of "Labeled NFS/TODO"
DaveQuigley (Talk | contribs) |
DaveQuigley (Talk | contribs) |
||
Line 12: | Line 12: | ||
'''IETF Tasks:''' | '''IETF Tasks:''' | ||
+ | * Labeled NFS Scope Document | ||
* Policy Format Specification Document | * Policy Format Specification Document | ||
* CALIPSO MLS Format Specification Document | * CALIPSO MLS Format Specification Document | ||
Line 20: | Line 21: | ||
* Implement Translation Framework | * Implement Translation Framework | ||
* Implement CALIPSO MLS Translation Module | * Implement CALIPSO MLS Translation Module | ||
+ | |||
+ | == Linux Prototype Tasks == | ||
+ | |||
+ | === Label Translation Framework === | ||
+ | |||
+ | '''Description:''' | ||
+ | To handle the scenario where NFS servers and clients may not be running the same MAC policy or even MAC model there needs to be a way for the client or server to translate the MAC label into a format it can understand. The exact semantics of these translations are still being worked through however a mechanism is needed to allow for the kernel and user space to communicate. In addition to this a framework for supplying translation modules needs to be present to allow for a plugable method of dealing with these translations. | ||
+ | |||
+ | '''Subtasks:''' | ||
+ | * Review existing label translation framework patches | ||
+ | * Determine changes in NFS/User-space communication mechanisms since patches were written | ||
+ | * Update patches to reflect new changes to rpcpipefs and to leverage changes made by idmapd | ||
+ | |||
+ | '''Status:''' | ||
+ | When the Labeled NFS effort was first started an initial prototype of the translation framework and daemon were written. These patches still exist but need to be updated to the latest version of Labeled NFS and of nfs-utils. The patches can be made available anyone who wants to attempt to update the code. | ||
+ | |||
+ | |||
+ | === Item === | ||
+ | |||
+ | '''Description:''' | ||
+ | '''Subtasks:''' | ||
+ | * | ||
+ | '''Status:''' | ||
+ | |||
+ | == IETF Tasks == | ||
+ | |||
+ | == FreeBSD 8.0 Prototype Tasks == |
Revision as of 20:57, 29 September 2009
Contents
Labeled NFS TODO List
This page contains a list of TODO items for the Labeled NFS project. Each section describes the high level task and subtasks identified for the task so far. These sections also have a brief description of the current status and progress of each task.
Task List
Linux Prototype Tasks
- Label Translation Framework
- Provide a mechanism to allow NFSD to determine a context to perform operations as
- Implement RPCSECGSSv3
- Develop MLS CALIPSO Translation Module (Preferably Linux/FreeBSD portable)
IETF Tasks:
- Labeled NFS Scope Document
- Policy Format Specification Document
- CALIPSO MLS Format Specification Document
FreeBSD 8.0 Prototype Tasks
- Implement MAC Recommended attribute
- Implement RPCSECGSSv3
- Implement Translation Framework
- Implement CALIPSO MLS Translation Module
Linux Prototype Tasks
Label Translation Framework
Description: To handle the scenario where NFS servers and clients may not be running the same MAC policy or even MAC model there needs to be a way for the client or server to translate the MAC label into a format it can understand. The exact semantics of these translations are still being worked through however a mechanism is needed to allow for the kernel and user space to communicate. In addition to this a framework for supplying translation modules needs to be present to allow for a plugable method of dealing with these translations.
Subtasks:
- Review existing label translation framework patches
- Determine changes in NFS/User-space communication mechanisms since patches were written
- Update patches to reflect new changes to rpcpipefs and to leverage changes made by idmapd
Status: When the Labeled NFS effort was first started an initial prototype of the translation framework and daemon were written. These patches still exist but need to be updated to the latest version of Labeled NFS and of nfs-utils. The patches can be made available anyone who wants to attempt to update the code.
Item
Description: Subtasks:
Status: