[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference smurf::dec_mls_plus

Title:dec_mls_plus
Moderator:SMURF::BAT
Created:Mon Nov 29 1993
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:534
Total number of notes:2544

455.0. "Oracle: NFS mounting an HP CMW filesystem" by SMURF::BAT (Segui la tua beatitudine) Wed Feb 26 1997 14:56

From:	US2RMC::"CWOLF@us.oracle.com" "CWOLF.US.ORACLE.COM" 25-FEB-1997 20:23:01.71
To:	smurf::bat, thomson@zk3.dec.com
CC:	
Subj:	NFS problems

Barbara, 
 
I'm trying to NFS mount from an HP-UX/CMW box to DEC MLS+ 3.1A.  The  
DEC machine keeps complaining "RCP program not registered", but a quick 
check with rpcinfo reveals that all the usual daemons are there. 
I then sniffed the packets and found that the DEC machine is trying to 
cal an RCP program, numbered 200013, which is not listed in /etc/rcp, 
though it is there on the DEC machine, but no other machines. 
 
Does this daemon have a name?  What is it for?  Why can't it realize  
I'm trying to mount a non-DECMLS box and not try to call this rpc? 
 
BTW, we don't have any problems mounting other unlabled hosts, such 
as regular UNIX boxes. 
 
Thanks for any help. 
 
	-Chris 
 
+------------------------------------------------------------------------+ 
| ORACLE Corporation                                                     | 
|                                                  cwolf@us.oracle.com   | 
| Chris Wolf, Senior Software Engineer             Voice +1.415.506.2529 | 
| World Wide Government & Education                Fax   +1.415.506.7408 | 
| Products Division                                                      | 
+------------------------------------------------------------------------+
T.RTitleUserPersonal
Name
DateLines
455.1from chrisSMURF::BATSegui la tua beatitudineWed Feb 26 1997 16:5583
From:	US2RMC::"CWOLF@us.oracle.com" "CWOLF.US.ORACLE.COM" 26-FEB-1997 13:35:10.92
To:	smurf::bat
CC:	ASCHEN.US.oramail@us.oracle.com
Subj:	Re: RE: NFS problems


--=_ORCL_17296123_0_11919702261409580
Content-Transfer-Encoding:7bit
Content-Type:text/plain; charset="US-ASCII"

Barbara, 
 
Actually, all I want to do is to setup the hp/cmw machine as an unlabled 
host, then NFS mount it as if it was not an MLS machine; we can already 
NFS mount non-mls machines. i.e. I don't care about labels. 
 
As for a source code license, I would say that's a capital idea!  One  
project I worked on once involved writing device drivers and we had  
a source license with that vendor.  Having the source really helped  
me solve all lot of my own problems, before calling the vendor.  I think 
we should try to arrange for that. 
 
	-Chris 
 
+------------------------------------------------------------------------+ 
| ORACLE Corporation                                                     | 
|                                                  cwolf@us.oracle.com   | 
| Chris Wolf, Senior Software Engineer             Voice +1.415.506.2529 | 
| World Wide Government & Education                Fax   +1.415.506.7408 | 
| Products Division                                                      | 
+------------------------------------------------------------------------+

--=_ORCL_17296123_0_11919702261409580
Content-Type:message/rfc822

Date: 26 Feb 97 12:01:09
From:"Barbara A. Thomson ZKO3-2/X46 1-2955 <bat@smurf.ENET.dec.com>" <bat@smurf.ENET.dec.com>
To:cwolf@us.oracle.com
Subject:RE: NFS problems
Cc:bat@smurf.ENET.dec.com
MIME-Version: 1.0
Content-Transfer-Encoding:7bit
Content-Type:text/plain; charset="US-ASCII"


	Hmmm, I didn't think HP (SecureWare) CMW supported the
	Secure NFS (MLS+) file system type.  At a minimum the
	file system types we have in common is the original
	SecureWare file system format, which they called
	"multileveldir" (which was really multiple single-level
	dirs) and we called 'hidden directories' or something.
	see man mkmultdir.

	I don't know if we can NFS import with labels their 
	file systems -- I'll forward your inquiry to the new
	sec NFS guy Franklin and see if he knows -- if not,
	I'll read some code later.  (You know, we really should
	set you up with a source license so that you could read
	the sources yourself... I'll try and remember to ask
	someone here, assuming of course you'd want to.)

	later
	BAT

--=_ORCL_17296123_0_11919702261409580--


% ====== Internet headers and postmarks (see DECWRL::GATEWAY.DOC) ======
% Received: from mail13.digital.com by us2rmc.zko.dec.com (5.65/rmc-22feb94) id AA23482; Wed, 26 Feb 97 13:24:33 -0500
% Received: from inet-smtp-gw-1.us.oracle.com by mail13.digital.com (8.7.5/UNX 1.5/1.0/WV) id NAA27753; Wed, 26 Feb 1997 13:13:22 -0500 (EST)
% Received: from erseq6.us.oracle.com (erseq6.us.oracle.com [138.2.202.101]) by inet-smtp-gw-1.us.oracle.com (8.8.5/8.8.5) with SMTP id KAA05608 for <bat@smurf.enet.dec.com>; Wed, 26 Feb 1997 10:10:49 -0800 (PST)
% Received:  by erseq6.us.oracle.com (8.6.13/37.7) id NAA19850; Wed, 26 Feb 1997 13:08:58 -0500
% Message-Id: <199702261808.NAA19850@erseq6.us.oracle.com>
% Date: 26 Feb 97 12:10:21 -0500
% From: "CWOLF.US.ORACLE.COM" <CWOLF@us.oracle.com>
% To: smurf::bat
% Subject: Re: RE: NFS problems
% Cc: ASCHEN.US.oramail@us.oracle.com
% X-Orcl-Application: In-Reply-To: UNX06.US.ORACLE.COM:bat@smurf.ENET.dec.com's message of 26-Feb-97 12:58
% Mime-Version: 1.0
% X-Mailer: Oracle InterOffice (version 4.0.4.0.26)
% Content-Type: multipart/mixed; boundary="=_ORCL_17296123_0_11919702261409580"
    
455.2some q'sSMURF::BATSegui la tua beatitudineWed Feb 26 1997 16:5531
From:	SMURF::BAT          "Barbara A. Thomson ZKO3-2/X46 1-2955" 26-FEB-1997 13:52:20.76
To:	US2RMC::"CWOLF@us.oracle.com"
CC:	BAT
Subj:	Re: RE: NFS problems


	Are you exporting an unlabelled file system from the HP box?
	IOW, is the file system you are exporting from HP a standard
	UFS file system, and not a "multi-level" file system?
	(Actually, now that I think about it, if it were a 
	SecureWare "multi-level" file system, and the HP box would
	let you export it to a single-level (unlabelled) host, then
	when you import it, it would look to the MLS+ box as if it
	were permanently, or rather as if all the users were running
	with the multileveldir priv in their base set... hmm, something
	to try.

	Anyway, I should think that one could set up both the MLS+
	and the HP boxes to think that the other system is unlabelled.
	Provided that both system's TNETRHDB (I cannot remember what
	the equivalent name is on the SecureWare system for the
	remote host data base file is) [and I use the term "data base"
	loosely :-)]) entries as single-level unlabelled hosts, you
	ought to be able to import the exported file system from the
	HP box.  Remember when you do the mount, you have to specify
	the labels for the mount point.

	If that is what you tried to do and it failed, perhaps 
	we should step through the entries and the export and mount
	commands?  
    
455.3send to chrisSMURF::BATSegui la tua beatitudineWed Feb 26 1997 17:0622
> I then sniffed the packets and found that the DEC machine is trying to 
> cal an RCP program, numbered 200013, which is not listed in /etc/rcp, 
> though it is there on the DEC machine, but no other machines. 
> Does this daemon have a name?  What is it for?  Why can't it realize  
> I'm trying to mount a non-DECMLS box and not try to call this rpc? 
 
	Mike did a rpcinfo -p which shows:

	program	vers	proto	port
	100003	2	udp	2049	nfs
	200013	1	udp	2049	
	
	He doesn't know why it isn't named either, but says that
	tnfs (Trusted NFS) is the program (because it is on the 
	same port as nfs, and the nfsd is really the same guy,
	except that it uses labels on the data if talking to 
	another labelled system.

	So I would say that the remote hosts database must have
	defined the HP box as a labelled system, and that the
	mount command is not a single-level mount?
    
455.4from franklinSMURF::BATSegui la tua beatitudineWed Feb 26 1997 18:0118
From:	KAMLIA::haskell "Franklin Haskell GSG  26-Feb-1997 1454" 26-FEB-1997 14:59:11.98
To:	bat@dec:.zko.smurf (Segui la tua beatitudine)
CC:	haskell@DEC:.zko.kamlia
Subj:	Re: Notefile DEC_MLS_PLUS Note 455.0 

BAT,
Unfortunately (in many ways and for many reasons) he is mixing apples
and oranges.  We implemented TNFS in a non-standard fashion and have
never brought it back into conformance (using the usual excuses).  One
of those excuses is that 'everyone' is moving to NFS V3 and therefore
there will be a TNFS V3 that 'everyone' will subscribe to.  Of course
Sun doesn't see a market reason to do this, HP is still trying to digest
SecureWare, and we have barely enough people to do a hardware release;
but hey vaporware is cheap though it doesn't provide any revenue.
The good news:  if it did work then he would get the hidden directories
'for free'.
-Franklin
    
455.5from chrisSMURF::BATSegui la tua beatitudineWed Feb 26 1997 18:589
From:	US2RMC::"CWOLF@us.oracle.com" "CWOLF.US.ORACLE.COM" 26-FEB-1997 15:37:44.83
To:	smurf::bat
CC:	
Subj:	Re: re: NFS problem


Well, I already thought of this and used tnet_kstats/m6_kstats to verify 
that each side considers the other as an unlabled host... 
 
455.6call chrisSMURF::BATSegui la tua beatitudineWed Mar 05 1997 13:422
    Mike suggests checking with Chris -- did he succeed or did he just
    fail to put the -S option on the command?
455.7I think that we should test this in QASMURF::BATSegui la tua beatitudineWed Mar 05 1997 17:1730
From:	US2RMC::"CWOLF@us.oracle.com" "CWOLF.US.ORACLE.COM"  5-MAR-1997 14:12:32.40
To:	smurf::bat
CC:	
Subj:	Re: RE: NFS problems


--=_ORCL_17510472_0_11919703051437230
Content-Transfer-Encoding:7bit
Content-Type:text/plain; charset="US-ASCII"

Barbara, 
 
Sorry I didn't get back to you.  I gave up on that NFS issue; I just 
made a tape instead.  BTW, I was never trying anything as fancy as  
maintaining labels accross the mount.  As I said before, each host 
was configured to see the other as an unlabeled host and I was using 
-I and -S to set the mount label (syslo).  Well, if you have any ideas 
you can let me know, but it's no longer a high priority.   
 
Thanks, 
 
	-Chris 
 
+------------------------------------------------------------------------+ 
| ORACLE Corporation                                                     | 
|                                                  cwolf@us.oracle.com   | 
| Chris Wolf, Senior Software Engineer             Voice +1.415.506.2529 | 
| World Wide Government & Education                Fax   +1.415.506.7408 | 
| Products Division                                                      | 
+------------------------------------------------------------------------+