From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Dickson
Subject: Re: [PATCH 13/17] NFS: Client implementation of Labeled-NFS
Date: Wed, 08 May 2013 13:39:10 -0400
Message-ID: <518A8DBE.3010107@RedHat.com>
References: <1367240239-19326-1-git-send-email-SteveD@redhat.com> <1367240239-19326-14-git-send-email-SteveD@redhat.com> <1367435005.4189.36.camel@leira.trondhjem.org> <518A7FA6.4090703@RedHat.com> <1368031432.5978.3.camel@leira.trondhjem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "J. Bruce Fields", "David P. Quigley", Linux NFS list, Linux FS devel list, Linux Security List, SELinux List
To: "Myklebust, Trond"
Return-path:
In-Reply-To: <1368031432.5978.3.camel@leira.trondhjem.org>
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On 08/05/13 12:43, Myklebust, Trond wrote:
> On Wed, 2013-05-08 at 12:39 -0400, Steve Dickson wrote:
>>
>> On 01/05/13 15:03, Myklebust, Trond wrote:
>>>> @@ -2409,10 +2468,26 @@ static int _nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *f >>>>> server->caps |= NFS_CAP_CTIME; >>>>> if (res.attr_bitmask[1] & FATTR4_WORD1_TIME_MODIFY) >>>>> server->caps |= NFS_CAP_MTIME; >>>>> +#ifdef CONFIG_NFS_V4_SECURITY_LABEL >>>>> + if (res.attr_bitmask[2] & FATTR4_WORD2_SECURITY_LABEL) >>>>> + server->caps |= NFS_CAP_SECURITY_LABEL; >>>>> +#endif >>>>> + memcpy(server->attr_bitmask_nl, res.attr_bitmask, >>>>> + sizeof(server->attr_bitmask)); >>>>> + >>>>> + if (server->caps & NFS_CAP_SECURITY_LABEL) >>>>> + server->attr_bitmask_nl[2] &= ~FATTR4_WORD2_SECURITY_LABEL; >>>>> >>>>> memcpy(server->cache_consistency_bitmask, res.attr_bitmask, sizeof(server->cache_consistency_bitmask)); >>>>> server->cache_consistency_bitmask[0] &= FATTR4_WORD0_CHANGE|FATTR4_WORD0_SIZE; >>>>> - server->cache_consistency_bitmask[1] &= FATTR4_WORD1_TIME_METADATA|FATTR4_WORD1_TIME_MODIFY; >>>>> + server->cache_consistency_bitmask[1] &= FATTR4_WORD1_TIME_METADATA | >>>>> + FATTR4_WORD1_TIME_MODIFY; >>>>> +#ifdef CONFIG_NFS_V4_SECURITY_LABEL >>>>> + server->cache_consistency_bitmask[2] &= FATTR4_WORD2_SECURITY_LABEL;
>>> Why? How is the security label relevant to cache consistency?
>> It's used to set the label bit in the GETATTR that goes out with ACCESS compound.
>
> The GETATTR that goes out with ACCESS is only there in order to get the
> change attribute so that we know when to invalidate the access cache. It
> is _only_ for cache consistency.
>
> Why do we need to fetch the label too?
>
I think I answered this in the other thread but in short access updates the inode and so it appears the goal is to synchronize inode updates and label updates.

steved.
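
Review bot: the memcpy() into server->attr_bitmask_nl takes its length from sizeof(server->attr_bitmask), which is a different member, so the copy is only correct while the two arrays are declared with the same size. Sizing it by the destination, sizeof(server->attr_bitmask_nl), keeps it safe if either declaration changes. The `if (server->caps & NFS_CAP_SECURITY_LABEL)` test that follows is also unnecessary, since clearing FATTR4_WORD2_SECURITY_LABEL from attr_bitmask_nl[2] is a no-op when the bit is not set. Finally, the new mask on cache_consistency_bitmask[2] sits under #ifdef CONFIG_NFS_V4_SECURITY_LABEL, so as far as the visible lines show, word 2 is left as the server returned it when the option is off, unlike words 0 and 1; clearing it in that case would make the three words consistent.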