[rsbac] Question about RSBAC and NFS
Amon Ott
ao at rsbac.org
Wed Jun 25 12:54:55 MEST 2003
On Wednesday, 25. June 2003 09:18, Patrique Wolfrum wrote:
> But since the old system uses NFS for "mirroring" data from the main
> server (which will be replaced by the new one) to the backup server
> (operating with AIX 4.3). In the Internet we could not find a real
> statement if RSBAC supports NFS in that way, that the "old" system
> still works.
>
> Can someone please help me by telling me, if RSBAC supports NFS in the
> needed way ?
As often, it depends.
NFS Server:
The user space nfsd is a normal process running as root, which can be easily
encapsulated e.g. with JAIL module. The kernel space nfsd is not directly
supported, I cannot even tell what will be checked and what not.
Working as a client, the NFS mount is a normal filesystem, which gets
controlled as usual by RSBAC. The difference to local filesystems is that
RSBAC settings will never be stored on disk, so you have to make the
settings, produce a backup script with attr_back_fd etc. and restore the
settings each time you mount the NFS tree.
BTW, the same strategy is used to control e.g. proc, pts or devfs mounts on
file basis.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list