IETF Logo Mail Archive

Re: [nfsv4] [LNFS] Updated draft

Thomas Haynes <thomas@netapp.com> Tue, 03 May 2011 17:52 UTC

Return-Path: <Tom.Haynes@netapp.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B649E0756 for <nfsv4@ietfa.amsl.com>; Tue, 3 May 2011 10:52:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.415
X-Spam-Level:
X-Spam-Status: No, score=-10.415 tagged_above=-999 required=5 tests=[AWL=0.184, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dvkncyUvI1KQ for <nfsv4@ietfa.amsl.com>; Tue, 3 May 2011 10:52:11 -0700 (PDT)
Received: from mx2.netapp.com (mx2.netapp.com [216.240.18.37]) by ietfa.amsl.com (Postfix) with ESMTP id 98605E06B1 for <nfsv4@ietf.org>; Tue, 3 May 2011 10:52:11 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.64,310,1301900400"; d="scan'208";a="545359743"
Received: from smtp1.corp.netapp.com ([10.57.156.124]) by mx2-out.netapp.com with ESMTP; 03 May 2011 10:51:56 -0700
Received: from sacrsexc1-prd.hq.netapp.com (sacrsexc1-prd.hq.netapp.com [10.99.115.27]) by smtp1.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id p43HpuFS022093; Tue, 3 May 2011 10:51:56 -0700 (PDT)
Received: from rtprsexc2-prd.hq.netapp.com ([10.100.161.115]) by sacrsexc1-prd.hq.netapp.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 3 May 2011 10:51:56 -0700
Received: from RTPMVEXC1-PRD.hq.netapp.com ([10.100.161.111]) by rtprsexc2-prd.hq.netapp.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 3 May 2011 13:51:54 -0400
Received: from vpn2ntap-177168.hq.netapp.com ([10.58.61.20]) by RTPMVEXC1-PRD.hq.netapp.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 3 May 2011 13:51:54 -0400
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Thomas Haynes <thomas@netapp.com>
In-Reply-To: <BANLkTikVymAzkOy7vgDjiaGkZ3TO97+t4A@mail.gmail.com>
Date: Tue, 03 May 2011 12:51:52 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <A1B329AF-E783-418B-A264-E862E1725774@netapp.com>
References: <86C7E9B9-349A-4C3D-ACD1-9B50B3474137@netapp.com> <BANLkTikVymAzkOy7vgDjiaGkZ3TO97+t4A@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
X-Mailer: Apple Mail (2.1084)
X-OriginalArrivalTime: 03 May 2011 17:51:54.0688 (UTC) FILETIME=[CA24D400:01CC09BA]
Cc: nfsv4@ietf.org
Subject: Re: [nfsv4] [LNFS] Updated draft
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2011 17:52:12 -0000

On May 3, 2011, at 10:44 AM, Nico Williams wrote:

> On Mon, May 2, 2011 at 11:57 PM, Thomas Haynes <thomas@netapp.com> wrote:
>> I just pushed out a new version of the draft: draft-quigley-nfsv4-labeled-01
>> and it can be accessed via http://datatracker.ietf.org/doc/draft-quigley-nfsv4-labeled/
>> 
>> Since the first draft, I have added:
>> 
>> 1) The additional use cases provided by Kathleen Moriarty
>> 
>> 2) The new callback, CB_LABEL_CHANGED
> 
> Is this the only meta-data for which we'll ever want such a callback?

I think so. I'll take an AI to examine this.


> 
> If not I think a generic callback would be better.  The key is to
> distinguish critical from non-critical meta-data changes (which could
> be done via two sets of attrs, or a simple flag, for example).


Even if it is currently the only meta-data we want to support, it
might be a good idea to use your proposed extension to support
something we are not foreseeing.

What I like about this idea is that it only reports that something
has changed, but not how. The client still has to query the server
to determine the change. (Which is a requirement for this work.)


> 
>> 3) A description of LFS 0, which is a simple security system for:
>> a) Debugging infrastructure
>> b) Only storing and returning the label. I.e., allowing smart
>> clients to work together.
>> 
>> NOTE: I chose LFS 0 because it defined a default security
>> system for LNFS aware servers and it allowed for debugging
>> of the transport code.
> 
> What would this LFS' properties be?  Suppose it grants access only
> when the subject label equals the object label...  but you'd be so
> close to Smack then!


A very good question, especially when combined with Sorin's
observation that  the smart clients probably want to store labels
with the DOI that they are using. I.e., if we ever upgrade a label
aware server to a smart server, we already have the labels correct.

I think what we might want to do is use LSF 0 on the ROOTFH to
indicate that the server is label aware and not smart.

PUTROOTFH, GETATTR {FATTR4_SEC_LABEL}

A LSF of 0 states the server is label aware.
Any other LSF states that the server is smart.

And it indicates that it is a dumb server by not setting the appropriate
bit.

And then I don't know what we want to do with properties inside
the rest of the filesystem. I think we only want to allow a NULL
label if the LFS is 0. If the smart clients have an implementation
that they want to remain private, they are free to use one of
the LSF marked for Private Use only in the registry. Otherwise,
they will use the LSF that they all understand.


> 
>> 6) A means for a client to discover the LFS supported by the server.
>> 
>> An interesting point here is that we have discussed the client and
>> server having different LFS, but we haven't discussed the server
>> supporting multiple LFS at the same time. I.e., we allow for the
>> server's security system to map from LFS A to LFS B, but we
>> do not explicitly state whether the server can support multiple
>> LFS in its namespace.
>> 
>> Do we want to consider such an extension? In my mind, the
>> difficulty is in the client being presented with a directory which
>> contains objects which are the root of different LFS models.
>> I.e., the whole security flavor approach we take for AUTH_SYS
>> and kerberized access.
> 
> What would the extension be like, OTW?


I'd like to hold off on that discussion until we cover the namespace
issues.


> 
> Anyways, servers can support multiple LFSes/DOIs, either by
> translation between them or by simply allowing it and applying the
> different rulesets as appropriate.  In the latter case users will, no
> doubt, prefer to segregate content by LFS...  In practice I don't
> really see this happening.
> 
> A much more interesting model would be one where each subject and
> object can have more than one label.  This could be a DTE label and an
> MLS label -- one to enforce domain-types, the other to enforce
> compartments and levels.  This could be a useful way to combine LFSes
> (all MAC policies being ANDed).  I'm not sure that there will be
> demand for this, but, incidentally,  RPCSEC_GSSv3 allows clients to
> assert more than one subject label...


I had just been reading the RPCSEC_GSSv3 spec on that matter.



>  Just to keep this option open
> I'd suggest that NFS allow more than one object label as well.


I think we should bring this up at the next meeting. I'd also like
to keep this option open.



> 
> Nico
> --
> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4

v2.23.0 | Report a Bug | By Email