* SELinux compatible with XFS?
@ 2001-03-18 20:55 K Mitchell Russell
0 siblings, 0 replies; 5+ messages in thread
From: K Mitchell Russell @ 2001-03-18 20:55 UTC (permalink / raw
To: selinux
Colleagues,
Is the SELinux patch for 2.4.2 kernel usable with an existing Linux
(SGI) XFS filesystem? Or does it require the ext2 filesystem for
labelling. Just thought I would check with other's experiences before
embarking down this tortuous path.
Many thanks,
K. Mitchell Russell, M.D.
kmrussel@hsc.vcu.edu
MedITAC Research Lab
www.meditac.com
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: SELinux compatible with XFS?
@ 2001-03-19 16:45 Howard Holm
2001-03-19 18:51 ` Jose Nazario
2001-03-20 20:24 ` Florin Andrei
0 siblings, 2 replies; 5+ messages in thread
From: Howard Holm @ 2001-03-19 16:45 UTC (permalink / raw
To: kmrussel; +Cc: selinux
A labeled file system is necessary to do anything usefull with
SELinux. We have not currently done any work to provide labels in
XFS. Echoing Stephen Smalley's note to Mark Lucas on Friday about
ReiserFS, we provide general support for all file systems for mapping
persistent security identifiers (PSIDs) to security contexts in
fs/psid.c, so each file system type only needs to implement support for
binding a PSID to each on-disk inode. With ext2, we were able to use
an unused field in the on-disk inode to store the PSID.
While I'm not completely familiar with XFS, my understanding is that
one of its advantages is that it stores extended attributes with the
files. So, it should, hopefully, be relatively easy to add a PSID to the
extended file attributes. That said, it isn't one of NSA's priorities
to add that support. If someone else wants it enough to do the work,
we'd certainly like to see the results made available.
K Mitchell Russell writes:
>
> Is the SELinux patch for 2.4.2 kernel usable with an existing Linux
> (SGI) XFS filesystem? Or does it require the ext2 filesystem for
> labelling. Just thought I would check with other's experiences before
> embarking down this tortuous path.
--
Howard Holm <hdholm@epoch.ncsc.mil>
Information Assurance Research Office
National Security Agency
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: SELinux compatible with XFS?
2001-03-19 16:45 SELinux compatible with XFS? Howard Holm
@ 2001-03-19 18:51 ` Jose Nazario
2001-03-20 12:06 ` Michael Tiemann
2001-03-20 20:24 ` Florin Andrei
1 sibling, 1 reply; 5+ messages in thread
From: Jose Nazario @ 2001-03-19 18:51 UTC (permalink / raw
To: Howard Holm; +Cc: kmrussel, selinux
On Mon, 19 Mar 2001, Howard Holm wrote:
> While I'm not completely familiar with XFS, my understanding is that
> one of its advantages is that it stores extended attributes with the
> files. So, it should, hopefully, be relatively easy to add a PSID to
> the extended file attributes. That said, it isn't one of NSA's
> priorities to add that support. If someone else wants it enough to do
> the work, we'd certainly like to see the results made available.
i'd like to chime in with some notes from the field and some links.
first up, we've just migrated *away* from XFS on some early 2.4 kernels on
out local LUG server, lockups and IO problems were just too great. that is
to say that this may have been fixed in recent releases of the 2.4 kernel
and the XFS source. i hope so, we would hover around 8 hours of uptime on
a busy server.
however, Linus is not happy to import large chunks of code into the
kernel, which will probably slow the adoption of XFS in Linux. also, they
recently officialy merged Reiser in, albeit you have to request
experimental code.
but, having been using XFS on IRIX for many, many years, i can say it's
one high performance filesystem. and yes, it does have extended attributes
on Linux, like MACLs and such. very nice, indeed. hence, with whatever
little weight i have here (i don't code stuff for you guys, for example),
i would like to vote for XFS in SELinux over other filesystems. i know
that SGI could use the help, and i know that the features of XFS would be
well utilized in SELinux.
some papers on XFS have appeared, and are available in large measure at:
http://linux-xfs.sgi.com/projects/xfs/publications.html
later,
____________________________
jose nazario jose@cwru.edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: SELinux compatible with XFS?
2001-03-19 18:51 ` Jose Nazario
@ 2001-03-20 12:06 ` Michael Tiemann
0 siblings, 0 replies; 5+ messages in thread
From: Michael Tiemann @ 2001-03-20 12:06 UTC (permalink / raw
To: Jose Nazario; +Cc: Howard Holm, kmrussel, selinux
We've been doing extensive testing of the 2.4 kernel, and there are all
sorts of exciting ways in which it can corrupt _any_ filesystem (it's one
reason we haven't released a 2.4-based product ;-). We're working hard
with others to fix those problems. I wouldn't blame XFS just yet.
M
Jose Nazario wrote:
> On Mon, 19 Mar 2001, Howard Holm wrote:
>
>
>> While I'm not completely familiar with XFS, my understanding is that
>> one of its advantages is that it stores extended attributes with the
>> files. So, it should, hopefully, be relatively easy to add a PSID to
>> the extended file attributes. That said, it isn't one of NSA's
>> priorities to add that support. If someone else wants it enough to do
>> the work, we'd certainly like to see the results made available.
>
>
> i'd like to chime in with some notes from the field and some links.
>
> first up, we've just migrated *away* from XFS on some early 2.4 kernels on
> out local LUG server, lockups and IO problems were just too great. that is
> to say that this may have been fixed in recent releases of the 2.4 kernel
> and the XFS source. i hope so, we would hover around 8 hours of uptime on
> a busy server.
>
> however, Linus is not happy to import large chunks of code into the
> kernel, which will probably slow the adoption of XFS in Linux. also, they
> recently officialy merged Reiser in, albeit you have to request
> experimental code.
>
> but, having been using XFS on IRIX for many, many years, i can say it's
> one high performance filesystem. and yes, it does have extended attributes
> on Linux, like MACLs and such. very nice, indeed. hence, with whatever
> little weight i have here (i don't code stuff for you guys, for example),
> i would like to vote for XFS in SELinux over other filesystems. i know
> that SGI could use the help, and i know that the features of XFS would be
> well utilized in SELinux.
>
> some papers on XFS have appeared, and are available in large measure at:
>
> http://linux-xfs.sgi.com/projects/xfs/publications.html
>
> later,
>
> ____________________________
> jose nazario jose@cwru.edu
> PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> PGP key ID 0xFD37F4E5 (pgp.mit.edu)
>
>
> --
> You have received this message because you are subscribed to the selinux list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: SELinux compatible with XFS?
2001-03-19 16:45 SELinux compatible with XFS? Howard Holm
2001-03-19 18:51 ` Jose Nazario
@ 2001-03-20 20:24 ` Florin Andrei
1 sibling, 0 replies; 5+ messages in thread
From: Florin Andrei @ 2001-03-20 20:24 UTC (permalink / raw
To: selinux
On 19 Mar 2001 11:45:23 -0500, Howard Holm wrote:
>
> While I'm not completely familiar with XFS, my understanding is that
> one of its advantages is that it stores extended attributes with the
> files. So, it should, hopefully, be relatively easy to add a PSID to the
> extended file attributes. That said, it isn't one of NSA's priorities
> to add that support. If someone else wants it enough to do the work,
> we'd certainly like to see the results made available.
So, i suppose the same is true for SELinux and ReiserFS, right?
It would be nice to have journaling FS with SELinux... ;-)
--
Florin Andrei
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2001-03-20 20:24 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-03-19 16:45 SELinux compatible with XFS? Howard Holm
2001-03-19 18:51 ` Jose Nazario
2001-03-20 12:06 ` Michael Tiemann
2001-03-20 20:24 ` Florin Andrei
-- strict thread matches above, loose matches on Subject: below --
2001-03-18 20:55 K Mitchell Russell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.