From: Amon Ott <ao@rsbac.org>
Subject: Re: RSBAC working with SGI XFS 1.0
Date: Mon, 7 May 2001 10:32:28 +0200
Next Article (by Author): Away in May... Amon Ott
Previous Article (by Author): Re: [crispin@WIREX.COM: Linux Security Module Interface] Amon Ott
Top of Thread: RSBAC working with SGI XFS 1.0 K Mitchell Russell
Next in Thread: Re: RSBAC working with SGI XFS 1.0 Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]
On Son, 06 Mai 2001 K Mitchell Russell wrote: > On Sun, 6 May 2001, Keith Matthews wrote: > > > On Sat, 5 May 2001 20:31:04 -0400 (EDT) K Mitchell Russell <K Mitchell Russell <kmrussel@hsc.vcu.edu>> wrote: > > > > > > > > > > Anyone else working with XFS and RSBAC? If so please comment, as I > > > would like to see XFS added to the 'Compatability' list of RSBAC soon. Good to hear it works. > > Haven't tried XFs yet (XFS boot filesystem + GRUB are at the top of my > > 'todo' list') but have tried ext3. > > > > Same sort of messages as you got. Some strange things happening, but I > > have no evidence (yet) they are due to ext3. Similar sort of problem with the > > patches. There have been some inodes removed, e.g. for the log, with RSBAC not noticing. The related inodes then get cleaned up once on the next check. If XFS uses 32 bit inode numbers (like the kernel vfs), the reiserfs problem is unlikely to appear, if not, they might have made it more compatible to 32 bit inode numbers. > > How did you apply RSBAC rules to the XFS filesystem code (fs/ext2/namei.c) > > ? With ext3 its fairly easy as the module is almost a straight clone of ext2. > > Good question: I didn't. All the fs/* patches applied fine, and the > fs/*/namei.c appears to only be concerned with rsbac_sec_del() for each > filesystem (ext2, minix, msdoc, vfat..) - or am I totally off base? I This is correct. Secure delete is the only thing that is fs dependent, because I could not get it into the independent code. I might try again, though. > have NOT EVEN attempted the secure delete with XFS... don't know where > the code is (XFS is a LARGE patch, main patch is 146,000 lines, 2.4.3 > core patch is 6,000). Also appears that ReiserFS namei.c is not patched > by v1.1.1. Interesting to know if anyone has patched this by hand? It > would be nice to get secure delete to work with XFS, but this may > require a big effort, or help from the SGI engineers... I can throw it > up on the XFS list and see what they say perhaps. Yes, please ask them and forward the result here. Maybe they even have an interface for that. Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Author): Away in May... Amon Ott
Previous Article (by Author): Re: [crispin@WIREX.COM: Linux Security Module Interface] Amon Ott
Top of Thread: RSBAC working with SGI XFS 1.0 K Mitchell Russell
Next in Thread: Re: RSBAC working with SGI XFS 1.0 Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]