IETF Logo Mail Archive

Re: [nfsv4] Scribe 5/17

"Haynes, Tom" <thomas@netapp.com> Wed, 23 May 2012 18:53 UTC

Return-Path: <thomas@netapp.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C93D621F85F9 for <nfsv4@ietfa.amsl.com>; Wed, 23 May 2012 11:53:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.999
X-Spam-Level:
X-Spam-Status: No, score=-9.999 tagged_above=-999 required=5 tests=[AWL=0.600, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qoIdlIhpxD61 for <nfsv4@ietfa.amsl.com>; Wed, 23 May 2012 11:53:15 -0700 (PDT)
Received: from mx2.netapp.com (mx2.netapp.com [216.240.18.37]) by ietfa.amsl.com (Postfix) with ESMTP id 4989421F85F0 for <nfsv4@ietf.org>; Wed, 23 May 2012 11:53:15 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.75,645,1330934400"; d="scan'208";a="649864626"
Received: from smtp1.corp.netapp.com ([10.57.156.124]) by mx2-out.netapp.com with ESMTP; 23 May 2012 11:53:00 -0700
Received: from loghyr.hq.netapp.com (loghyr.hq.netapp.com [10.34.16.47]) by smtp1.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id q4NIqx43016368; Wed, 23 May 2012 11:52:59 -0700 (PDT)
Received: from loghyr.hq.netapp.com (localhost.localdomain [127.0.0.1]) by loghyr.hq.netapp.com (8.14.5/8.14.5) with ESMTP id q4NIqxT6009468; Wed, 23 May 2012 11:52:59 -0700
Received: (from thomas@localhost) by loghyr.hq.netapp.com (8.14.5/8.14.5/Submit) id q4NIqtPV009467; Wed, 23 May 2012 11:52:55 -0700
Date: Wed, 23 May 2012 11:52:55 -0700
From: "Haynes, Tom" <thomas@netapp.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Message-ID: <20120523185255.GC8662@netapp.com>
References: <20120518172704.GA5857@fieldses.org> <CBDBE508.22441%tom.haynes@netapp.com> <20120518190956.GD5857@fieldses.org> <f9ab21478841ca9a95ca7fee7381e809@countercultured.net> <20120518202708.GA7412@fieldses.org> <4FB974D3.1070104@davequigley.com> <20120522180350.GA4697@fieldses.org> <20120522192623.GA8662@netapp.com> <20120523183516.GA13710@fieldses.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20120523183516.GA13710@fieldses.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: nfsv4@ietf.org
Subject: Re: [nfsv4] Scribe 5/17
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 18:53:15 -0000

On Wed, May 23, 2012 at 02:35:16PM -0400, J. Bruce Fields wrote:
> 
> I assume you meant: "... only care about regular files that have open
> state", but I'm nost sure.
> 
> That wouldn't agree with what Dave's said.
> 
> Looking at http://tools.ietf.org/html/draft-ietf-nfsv4-labreqs-03 it
> says a couple different things:
> 
> 	Servers MUST provide a mechanism for notifying clients of
> 	attribute changes of files on the server."
> 
> I'd be willing to take "files" to mean regular files, except the
> sentence above says "Servers MUST be able to store and retrieve the
> security attribute of exported files as requested by the client", and in
> that case "files" was clearly meant to be all filesystem objects.
> 
> Then later for limited server mode it says "The server MUST inform
> clients when an object label changes for a file the client has open."
> 
> So I don't know.

BTW - Please bring this up on the Last Call for that document. :->

(see below for some comments)

> 
> My concern is just that the authors may not have overlooked the fact
> that in NFSv4 only regular files can be opened.  In which case we could
> end up with something that doesn't actually work for their purposes.
> 
> --b.
> 

I agree.

A goal of Labeled NFS is to remove the need for MAC based NFS servers to create
default labels for incoming NFS requests.

If we consider a case where the MAC NFS server running NFSv4.1 has an
implementation which simply maps client IP to a label:

192.168.34.21 -> Top Secret
192.168.23.10 -> Secret

then it is clear that the server has no means to inform the clients when
a security label on an object is modified.

So the only means the server has to interact via MAC policies is to
either accept or reject the operations as they try to access an object.

The minimum bar we have to meet is that above - it keeps parity with
existing implementations.

We can make improvements iff we know the client has state (open file handle,
directory delegation) that the server can reasonably detect. In such cases,
the server can notify the client of an attribute change on an object.

As for the Requirmens, what we want is probably:

       Servers SHOULD provide a mechanism for notifying clients of
       attribute changes of objects on the server.

       Servers MUST be able to store and retrieve the
       security attribute of objects as requested by the client.

-- 
thomas@netapp.com, ex-cfb

v2.23.0 | Report a Bug | By Email