From owner-freebsd-current@FreeBSD.ORG  Fri May 16 01:16:09 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5862737B401; Fri, 16 May 2003 01:16:09 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 8722343F85; Fri, 16 May 2003 01:16:08 -0700 (PDT)
	(envelope-from ilmar@watson.org)
Received: from fledge.watson.org (localhost [127.0.0.1])
	by fledge.watson.org (8.12.9/8.12.9) with ESMTP id h4G8FoOn029525;
	Fri, 16 May 2003 04:15:50 -0400 (EDT)
	(envelope-from ilmar@watson.org)
Received: from localhost (ilmar@localhost)h4G8FoE9029522;
	Fri, 16 May 2003 04:15:50 -0400 (EDT)
	(envelope-from ilmar@watson.org)
X-Authentication-Warning: fledge.watson.org: ilmar owned process doing -bs
Date: Fri, 16 May 2003 04:15:50 -0400 (EDT)
From: "Ilmar S. Habibulin" <ilmar@watson.org>
To: re@FreeBSD.org
In-Reply-To: <200305151400.h4FE0Djv020741@fledge.watson.org>
Message-ID: <20030516041042.U29447@fledge.watson.org>
References: <200305151400.h4FE0Djv020741@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: current@FreeBSD.org
Subject: Re: 5.2-RELEASE TODO
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 16 May 2003 08:16:09 -0000



On Thu, 15 May 2003, Robert Watson wrote:

>   Desired Features for 5.2-RELEASE
>
>    +------------------------------------------------------------------------+
>    |    Issue    | Status |  Responsible  |           Description           |
>    |-------------+--------+---------------+---------------------------------|
>    |             |        |               | Currently, MAC protections are  |
>    |             |        |               | enforced only on locally        |
>    |             |        |               | originated file system          |
>    |             |        |               | operations (VOPs), and not on   |
>    |             |        |               | RPCs generated via the NFS      |
>    | MAC support |        |               | server. Improvements in NFS     |
>    | for NFS     | --     | Robert Watson | server credential handling are  |
>    | Server      |        |               | required to correct this        |
>    |             |        |               | problem, as well as the         |
>    |             |        |               | introduction of new entry       |
>    |             |        |               | points to properly label NFS    |
>    |             |        |               | credentials and perform         |
>    |             |        |               | enforcement properly.           |
>    |-------------+--------+---------------+---------------------------------|

Do you plan to transfer labels over NFS? If so, why not to make some
generic extended attributes transfer mechanism over NFS and use it for ACL
too?

And what about packet labeling - it's still desired feature for
trustedbsd/6.0-current?