Re: [PATCH 06/14] KConfig: Add KConfig entries for Labeled NFS

From: Serge E. Hallyn
Date: Tue Sep 30 2008 - 16:41:01 EST


Quoting David P. Quigley (dpquigl@xxxxxxxxxxxxx):
> This patch adds two entries into the fs/KConfig file. The first entry
> NFS_V4_SECURITY_LABEL enables security label support for the NFSv4 client while
> the second entry NFSD_V4_SECURITY_LABEL enables security labeling support on
> the server side.
>
> Signed-off-by: Matthew N. Dodd <Matthew.Dodd@xxxxxxxxxx>
> Signed-off-by: David P. Quigley <dpquigl@xxxxxxxxxxxxx>
> ---
> fs/Kconfig | 17 +++++++++++++++++
> 1 files changed, 17 insertions(+), 0 deletions(-)
>
> diff --git a/fs/Kconfig b/fs/Kconfig
> index abccb5d..47ffb42 100644
> --- a/fs/Kconfig
> +++ b/fs/Kconfig
> @@ -1633,6 +1633,7 @@ config NFS_V4
>
> If unsure, say N.
>
> +
> config ROOT_NFS
> bool "Root file system on NFS"
> depends on NFS_FS=y && IP_PNP
> @@ -1644,6 +1645,15 @@ config ROOT_NFS
>
> Most people say N here.
>
> +config NFS_V4_SECURITY_LABEL
> + bool "Provide Security Label support for NFSv4 client"
> + depends on NFS_V4 && SECURITY
> + help
> + Say Y here if you want label attribute support for NFS version 4.

A little more here :)

"Say Y here if you want security label attribute support for NFS version
4. Security labels allow security modules like SELinux and Smack to
label files to facilitate enforcement of their policies.

If you do not wish to enforce SELinux or Smack policies on NFSv4 files,
say N."

Or something... the idea being to make it clear to anyone configuring
a new kernel whether they should say n or y.

> +
> +
> + If unsure, say N.
> +
> config NFSD
> tristate "NFS server support"
> depends on INET
> @@ -1725,6 +1735,13 @@ config NFSD_V4
>
> If unsure, say N.
>
> +config NFSD_V4_SECURITY_LABEL
> + bool "Provide Security Label support for NFSv4 server"
> + depends on NFSD_V4 && SECURITY
> + help
> + If you would like to include support for label file attributes
> + over NFSv4, say Y here.
> +
> config LOCKD
> tristate
>
> --
> 1.5.5.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/