se-samba
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Sat May 29 11:18:42 GMT 2004
On Sat, May 29, 2004 at 09:51:53AM +0000, Luke Kenneth Casson Leighton wrote:
> > Basically the idea is that samba runs in it's own domain (ofcourse), but
> > this domain has to be able to access/read/write files in other domains,
> > particularly user domains. However we want the same enforcements over
> > samba that a user would get on the local system, so the idea is to make
> > [...]
> 1) doing user-space avc library calls is fine IF you can guarantee
> that the file system to which you are providing access is NOT
> accessible by any means other than through se-samba [or that
> any such access guarantees no race conditions].
>
> i.e. you must, in effect, write your own userspace file system.
... just to be clear: isolating a filesystem from backdoor access
(i.e. the underlying filesystem, if it's a unix filesysyem, is NOT
accessible via any other means e.g. an NFS export) is not as bad
as it first seems.
you can always use the smbfs (or its newer more unix-centric
cifsfs cousins) linux kernel smb client filesystems to access
such an isolated userspace filesystem, and then re-export that
filesystem via other file servers (e.g. NFS).
i don't expect it to be very fast, it's not very friendly,
but it's minimal coding, minimal administrative setup and
it'll work. fingers crossed. :)
l.
p.s. as is done at the moment, you could always just keep on
giving samba unlimited policy access to the directories it
exports, but that's not the point, is it?
More information about the samba-technical
mailing list