| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 455.1 | from chris | SMURF::BAT | Segui la tua beatitudine | Wed Feb 26 1997 13:55 | 83 |
| From: US2RMC::"[email protected]" "CWOLF.US.ORACLE.COM" 26-FEB-1997 13:35:10.92
To: smurf::bat
CC: [email protected]
Subj: Re: RE: NFS problems
--=_ORCL_17296123_0_11919702261409580
Content-Transfer-Encoding:7bit
Content-Type:text/plain; charset="US-ASCII"
Barbara,
Actually, all I want to do is to setup the hp/cmw machine as an unlabled
host, then NFS mount it as if it was not an MLS machine; we can already
NFS mount non-mls machines. i.e. I don't care about labels.
As for a source code license, I would say that's a capital idea! One
project I worked on once involved writing device drivers and we had
a source license with that vendor. Having the source really helped
me solve all lot of my own problems, before calling the vendor. I think
we should try to arrange for that.
-Chris
+------------------------------------------------------------------------+
| ORACLE Corporation |
| [email protected] |
| Chris Wolf, Senior Software Engineer Voice +1.415.506.2529 |
| World Wide Government & Education Fax +1.415.506.7408 |
| Products Division |
+------------------------------------------------------------------------+
--=_ORCL_17296123_0_11919702261409580
Content-Type:message/rfc822
Date: 26 Feb 97 12:01:09
From:"Barbara A. Thomson ZKO3-2/X46 1-2955 <[email protected]>" <[email protected]>
To:[email protected]
Subject:RE: NFS problems
Cc:[email protected]
MIME-Version: 1.0
Content-Transfer-Encoding:7bit
Content-Type:text/plain; charset="US-ASCII"
Hmmm, I didn't think HP (SecureWare) CMW supported the
Secure NFS (MLS+) file system type. At a minimum the
file system types we have in common is the original
SecureWare file system format, which they called
"multileveldir" (which was really multiple single-level
dirs) and we called 'hidden directories' or something.
see man mkmultdir.
I don't know if we can NFS import with labels their
file systems -- I'll forward your inquiry to the new
sec NFS guy Franklin and see if he knows -- if not,
I'll read some code later. (You know, we really should
set you up with a source license so that you could read
the sources yourself... I'll try and remember to ask
someone here, assuming of course you'd want to.)
later
BAT
--=_ORCL_17296123_0_11919702261409580--
% ====== Internet headers and postmarks (see DECWRL::GATEWAY.DOC) ======
% Received: from mail13.digital.com by us2rmc.zko.dec.com (5.65/rmc-22feb94) id AA23482; Wed, 26 Feb 97 13:24:33 -0500
% Received: from inet-smtp-gw-1.us.oracle.com by mail13.digital.com (8.7.5/UNX 1.5/1.0/WV) id NAA27753; Wed, 26 Feb 1997 13:13:22 -0500 (EST)
% Received: from erseq6.us.oracle.com (erseq6.us.oracle.com [138.2.202.101]) by inet-smtp-gw-1.us.oracle.com (8.8.5/8.8.5) with SMTP id KAA05608 for <[email protected]>; Wed, 26 Feb 1997 10:10:49 -0800 (PST)
% Received: by erseq6.us.oracle.com (8.6.13/37.7) id NAA19850; Wed, 26 Feb 1997 13:08:58 -0500
% Message-Id: <[email protected]>
% Date: 26 Feb 97 12:10:21 -0500
% From: "CWOLF.US.ORACLE.COM" <[email protected]>
% To: smurf::bat
% Subject: Re: RE: NFS problems
% Cc: [email protected]
% X-Orcl-Application: In-Reply-To: UNX06.US.ORACLE.COM:[email protected]'s message of 26-Feb-97 12:58
% Mime-Version: 1.0
% X-Mailer: Oracle InterOffice (version 4.0.4.0.26)
% Content-Type: multipart/mixed; boundary="=_ORCL_17296123_0_11919702261409580"
|
| 455.2 | some q's | SMURF::BAT | Segui la tua beatitudine | Wed Feb 26 1997 13:55 | 31 |
| From: SMURF::BAT "Barbara A. Thomson ZKO3-2/X46 1-2955" 26-FEB-1997 13:52:20.76
To: US2RMC::"[email protected]"
CC: BAT
Subj: Re: RE: NFS problems
Are you exporting an unlabelled file system from the HP box?
IOW, is the file system you are exporting from HP a standard
UFS file system, and not a "multi-level" file system?
(Actually, now that I think about it, if it were a
SecureWare "multi-level" file system, and the HP box would
let you export it to a single-level (unlabelled) host, then
when you import it, it would look to the MLS+ box as if it
were permanently, or rather as if all the users were running
with the multileveldir priv in their base set... hmm, something
to try.
Anyway, I should think that one could set up both the MLS+
and the HP boxes to think that the other system is unlabelled.
Provided that both system's TNETRHDB (I cannot remember what
the equivalent name is on the SecureWare system for the
remote host data base file is) [and I use the term "data base"
loosely :-)]) entries as single-level unlabelled hosts, you
ought to be able to import the exported file system from the
HP box. Remember when you do the mount, you have to specify
the labels for the mount point.
If that is what you tried to do and it failed, perhaps
we should step through the entries and the export and mount
commands?
|
| 455.3 | send to chris | SMURF::BAT | Segui la tua beatitudine | Wed Feb 26 1997 14:06 | 22 |
| > I then sniffed the packets and found that the DEC machine is trying to
> cal an RCP program, numbered 200013, which is not listed in /etc/rcp,
> though it is there on the DEC machine, but no other machines.
> Does this daemon have a name? What is it for? Why can't it realize
> I'm trying to mount a non-DECMLS box and not try to call this rpc?
Mike did a rpcinfo -p which shows:
program vers proto port
100003 2 udp 2049 nfs
200013 1 udp 2049
He doesn't know why it isn't named either, but says that
tnfs (Trusted NFS) is the program (because it is on the
same port as nfs, and the nfsd is really the same guy,
except that it uses labels on the data if talking to
another labelled system.
So I would say that the remote hosts database must have
defined the HP box as a labelled system, and that the
mount command is not a single-level mount?
|
| 455.4 | from franklin | SMURF::BAT | Segui la tua beatitudine | Wed Feb 26 1997 15:01 | 18 |
| From: KAMLIA::haskell "Franklin Haskell GSG 26-Feb-1997 1454" 26-FEB-1997 14:59:11.98
To: bat@dec:.zko.smurf (Segui la tua beatitudine)
CC: haskell@DEC:.zko.kamlia
Subj: Re: Notefile DEC_MLS_PLUS Note 455.0
BAT,
Unfortunately (in many ways and for many reasons) he is mixing apples
and oranges. We implemented TNFS in a non-standard fashion and have
never brought it back into conformance (using the usual excuses). One
of those excuses is that 'everyone' is moving to NFS V3 and therefore
there will be a TNFS V3 that 'everyone' will subscribe to. Of course
Sun doesn't see a market reason to do this, HP is still trying to digest
SecureWare, and we have barely enough people to do a hardware release;
but hey vaporware is cheap though it doesn't provide any revenue.
The good news: if it did work then he would get the hidden directories
'for free'.
-Franklin
|
| 455.5 | from chris | SMURF::BAT | Segui la tua beatitudine | Wed Feb 26 1997 15:58 | 9 |
| From: US2RMC::"[email protected]" "CWOLF.US.ORACLE.COM" 26-FEB-1997 15:37:44.83
To: smurf::bat
CC:
Subj: Re: re: NFS problem
Well, I already thought of this and used tnet_kstats/m6_kstats to verify
that each side considers the other as an unlabled host...
|
| 455.6 | call chris | SMURF::BAT | Segui la tua beatitudine | Wed Mar 05 1997 10:42 | 2 |
| Mike suggests checking with Chris -- did he succeed or did he just
fail to put the -S option on the command?
|
| 455.7 | I think that we should test this in QA | SMURF::BAT | Segui la tua beatitudine | Wed Mar 05 1997 14:17 | 30 |
| From: US2RMC::"[email protected]" "CWOLF.US.ORACLE.COM" 5-MAR-1997 14:12:32.40
To: smurf::bat
CC:
Subj: Re: RE: NFS problems
--=_ORCL_17510472_0_11919703051437230
Content-Transfer-Encoding:7bit
Content-Type:text/plain; charset="US-ASCII"
Barbara,
Sorry I didn't get back to you. I gave up on that NFS issue; I just
made a tape instead. BTW, I was never trying anything as fancy as
maintaining labels accross the mount. As I said before, each host
was configured to see the other as an unlabeled host and I was using
-I and -S to set the mount label (syslo). Well, if you have any ideas
you can let me know, but it's no longer a high priority.
Thanks,
-Chris
+------------------------------------------------------------------------+
| ORACLE Corporation |
| [email protected] |
| Chris Wolf, Senior Software Engineer Voice +1.415.506.2529 |
| World Wide Government & Education Fax +1.415.506.7408 |
| Products Division |
+------------------------------------------------------------------------+
|