NFSv4: Add label recommended attribute and NFSv4 flags
in [Kernel]
|
Prev: cfq-iosched: fix tree-wide handling of rq_noidle
Next: [tip:x86/alternatives] x86, alternatives: Use 16-bit numbers for cpufeature index
From: J. Bruce Fields on 7 Jul 2010 13:10 On Wed, Jul 07, 2010 at 10:31:22AM -0400, David P. Quigley wrote: > This patch adds a new recommended attribute named label into the NFSv4 file Make that '... recommended attribute named "security_label"' ? > +#define NFS4_MAXLABELLEN 4096 Idle curiosity--why 4096? (Why couldn't it be 16? And how do we know people will never want 8192?) > +#define NFSEXP_SECURITY_LABEL 0x0040 /* Support security label fattr4 */ I guess that answers my earlier question. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: James Morris on 7 Jul 2010 19:40 On Wed, 7 Jul 2010, J. Bruce Fields wrote: > On Wed, Jul 07, 2010 at 10:31:22AM -0400, David P. Quigley wrote: > > > +#define NFS4_MAXLABELLEN 4096 > > Idle curiosity--why 4096? (Why couldn't it be 16? And how do we know > people will never want 8192?) I think I raised this a while back, too. The maximum security label size on Linux is: #define XATTR_SIZE_MAX 65536 Why arbitrarily limit this over the network? Someone could have a valid local security label which can't be conveyed via NFS. - James -- James Morris <jmorris(a)namei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: David P. Quigley on 8 Jul 2010 09:50
From: James Morris on 8 Jul 2010 18:50 On Thu, 8 Jul 2010, David P. Quigley wrote: > > The maximum security label size on Linux is: > > > > #define XATTR_SIZE_MAX 65536 > > > > Why arbitrarily limit this over the network? > > Because there is no easy way not to. The specification doesn't specify a > limit to label size in the IETF draft. However there is no way to do > allocation of the memory needed to store the label where we first get > access to its size. We tried this before and it failed. When I asked > trond about it he said doing memory allocation in the rpc context isn't > allowed. In the NFSv3 code, the workaround I've been using is to always allocate 64k, but the correct way of doing this apparently is to use the page cache, as is used for ACLs and symlinks. > For the most part what would make this label size inadequate would be > the MLS component. There are some cases where people want every other > compartment or something crazy like that. In terms of a normal label > though 4096 should be more than enough. Yes, but we should not unnecessarily limit the network protocol when something is valid and possible in the local implementation (which is ~64k under Linux). > Just to put this in perspective the string below is 4096 a's. A security label include just about anything, e.g. an x509 certificate, or a base64 encoded image. In the Linux implementation, if we can store a local label up to 64k, then we should try and ensure that it can be conveyed via NFS. - James -- James Morris <jmorris(a)namei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Stephen Smalley on 9 Jul 2010 09:50
On Fri, 2010-07-09 at 08:48 +1000, James Morris wrote: > On Thu, 8 Jul 2010, David P. Quigley wrote: > > > > The maximum security label size on Linux is: > > > > > > #define XATTR_SIZE_MAX 65536 > > > > > > Why arbitrarily limit this over the network? > > > > Because there is no easy way not to. The specification doesn't specify a > > limit to label size in the IETF draft. However there is no way to do > > allocation of the memory needed to store the label where we first get > > access to its size. We tried this before and it failed. When I asked > > trond about it he said doing memory allocation in the rpc context isn't > > allowed. > > In the NFSv3 code, the workaround I've been using is to always allocate > 64k, but the correct way of doing this apparently is to use the page > cache, as is used for ACLs and symlinks. > > > For the most part what would make this label size inadequate would be > > the MLS component. There are some cases where people want every other > > compartment or something crazy like that. In terms of a normal label > > though 4096 should be more than enough. > > Yes, but we should not unnecessarily limit the network protocol when > something is valid and possible in the local implementation (which is ~64k > under Linux). > > > Just to put this in perspective the string below is 4096 a's. > > A security label include just about anything, e.g. an x509 certificate, or > a base64 encoded image. > > In the Linux implementation, if we can store a local label up to 64k, then > we should try and ensure that it can be conveyed via NFS. You can't store a local label up to 64k on Linux; that is just what the xattr API permits, not the underlying filesystem implementations (at least ext[234]). # touch foobar # setfattr -n user.foo -v `perl -e 'print "a" x 4096'` foobar setfattr: foobar: No space left on device Also the /proc/self/attr and selinuxfs APIs are presently limited to page size. -- Stephen Smalley National Security Agency -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ |