Labeled NFS/TODO

From SELinux Wiki
Revision as of 20:57, 29 September 2009 by DaveQuigley (Talk | contribs)

Jump to: navigation, search

Labeled NFS TODO List

This page contains a list of TODO items for the Labeled NFS project. Each section describes the high level task and subtasks identified for the task so far. These sections also have a brief description of the current status and progress of each task.

Task List

Linux Prototype Tasks

  • Label Translation Framework
  • Provide a mechanism to allow NFSD to determine a context to perform operations as
  • Implement RPCSECGSSv3
  • Develop MLS CALIPSO Translation Module (Preferably Linux/FreeBSD portable)

IETF Tasks:

  • Labeled NFS Scope Document
  • Policy Format Specification Document
  • CALIPSO MLS Format Specification Document

FreeBSD 8.0 Prototype Tasks

  • Implement MAC Recommended attribute
  • Implement RPCSECGSSv3
  • Implement Translation Framework
  • Implement CALIPSO MLS Translation Module

Linux Prototype Tasks

Label Translation Framework

Description: To handle the scenario where NFS servers and clients may not be running the same MAC policy or even MAC model there needs to be a way for the client or server to translate the MAC label into a format it can understand. The exact semantics of these translations are still being worked through however a mechanism is needed to allow for the kernel and user space to communicate. In addition to this a framework for supplying translation modules needs to be present to allow for a plugable method of dealing with these translations.


  • Review existing label translation framework patches
  • Determine changes in NFS/User-space communication mechanisms since patches were written
  • Update patches to reflect new changes to rpcpipefs and to leverage changes made by idmapd

Status: When the Labeled NFS effort was first started an initial prototype of the translation framework and daemon were written. These patches still exist but need to be updated to the latest version of Labeled NFS and of nfs-utils. The patches can be made available anyone who wants to attempt to update the code.


Description: Subtasks:


IETF Tasks

FreeBSD 8.0 Prototype Tasks