se-samba

[Luke Kenneth Casson Leighton]

On Tue, Jun 01, 2004 at 09:06:18AM +1000, tridge at samba.org wrote:
> Russell,
> 
> One thing to be careful of is to distinguish the right design for a
> se-linux enabled Samba in Samba3 and Samba4. The design of Samba3 is
> quite different from Samba4, and the approach taken needs to be
> correspondingly different. The design that Luke proposes is closely
> tied to Samba3, as that is what he is familiar with. Samba-tng uses
> the same basic design for file sharing as Samba3, as it is based on
> the same code.
> 
> The main features of the Samba4 design that are relevant to you are:
> 
>  - backend isolation. Samba4 uses a "NTVFS" layer, which takes the
>    place of the old VFS layer in Samba3. All POSIX/Unix filesystem
>    assumptions are isolated into the backends behind this layer, so
>    for example uid_t and gid_t will only appear in these backends. 
 
 the NTVFS layer sounds like an idea that i recommended back in
 mid-to-end 1999.

 the idea was rejected by jeremy on the grounds that samba is
 a unix file/print sharer, and therefore it is necessary to
 move to unix filesystem semantics as soon as possible
 (including converting all file names to unix unicode).

 i didn't dare to contradict jeremy when he began to impose
 the same logic on the samba tng NT-style services design,
 most of which have absolutely nothing to do with a unix
 filesystem [i.e. they can be implemented in databases etc.]

 
 consequently it had not occurred to me that an NT style
 VFS layer might subsequently be taken up.


 an NT / SMB only VFS layer is the _ideal_ place to start
 from.

 can i recommend - tridge, others - that you give serious
 consideration to writing an experimental samba 4 "NTVFS"
 SMB proxy client plugin?

 not only will it be of benefit to se-samba, because it
 will be possible to use samba4 as the "front-end", and
 an se-samba(3) as the back-end, but also a similar setup
 will provide you with an important test scenario / milestone.

 l.