Re: move audit/priviliage check into VFS



On Sun, Apr 22, 2007 at 02:58:30PM -0700, Howard Su wrote:
> When I was working on tmpfs privilege, I needed to copy a lot of privilege
> check code from UFS. I suppose there is the same problem in ZFS. So moving
> this sort of privilege code into VFS will reduce a lot of duplicate
> code and also make fs implementations simple and consistent in security
> matters.
>
> Besides that, some quota/extattr features can also be implemented in the VFS layer.

Quota code (ufs/ufs/ufs_quota.c) is mostly filesystem-independent; it
only requires a particular format for the quota file, and several fields in
the ufs mount structure, as well as the ufs mount interlock. The latter could be
factored out quite easily.

On the other hand, only ufs is stuffed with hooks for the quota handling.

> I suppose the fact today that a lot of stuff is UFS related is
> because we had VFS after UFS. So VFS only abstracts the common stuff
> for a misc file system like iso/udf/msdosfs. We didn't suppose we would
> have more full-featured file systems besides UFS. (NFS has its own &
> different implementation of security.)
>
> Does VFS have another design goal that I am not aware of, preventing us
> from moving more shared code into it?

I would let others comment on the feasibility of factoring out permission
check code.

What I want to point out is that some time ago UFS itself was considered
as a layer, with an underlying implementation providing the actual structure
for the storage. At least two such implementations existed, FFS and
LFS. LFS is long dead and removed from CVS. All that is left from the
layering is several method pointers in struct ufsmount. I suspect that
current code has eroded the border between UFS and FFS. That said, I'm
not sure whether implementing tmpfs as some TMPFS under the UFS layer is
possible now, but you may look at this.
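
The factoring proposed in this thread, sketched as an added example that is not part of the message and not FreeBSD code: a userspace C model in which each filesystem only reports owner, group and mode, and one shared routine makes the access decision. All names (vfs_access_model, cred_model, the *_model structs) are hypothetical, and the privilege rule is a simplification with no supplementary groups, ACLs or directory-specific handling.

```c
/* Userspace model with constructed names; not FreeBSD kernel code. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
enum { ACC_X = 1, ACC_W = 2, ACC_R = 4 };
struct cred_model { uid_t uid; gid_t gid; bool privileged; };
struct attr_model { uid_t uid; gid_t gid; mode_t mode; };
struct vnode_model {            /* a filesystem only reports attributes */
    int (*getattr)(const void *node, struct attr_model *out);
    const void *node;
};

/* Shared layer: the one place where mode bits and privilege are evaluated. */
int vfs_access_model(const struct vnode_model *vp,
                     const struct cred_model *cr, int want) {
    struct attr_model a;
    if (vp->getattr(vp->node, &a) != 0)
        return -1;              /* fail closed if attributes are unavailable */
    int shift = cr->uid == a.uid ? 6 : cr->gid == a.gid ? 3 : 0;
    bool by_mode = ((int)((a.mode >> shift) & 7) & want) == want;
    /* Privilege override; execute still needs at least one x bit set. */
    bool by_priv = cr->privileged && (!(want & ACC_X) || (a.mode & 0111));
    return (by_mode || by_priv) ? 0 : -1;
}

/* Two filesystems with different private node layouts. */
struct ufs_inode_model { uid_t i_uid; gid_t i_gid; mode_t i_mode; };
struct tmpfs_node_model { mode_t tn_mode; uid_t tn_uid; gid_t tn_gid; };
static int ufs_getattr(const void *n, struct attr_model *o) {
    const struct ufs_inode_model *ip = n;
    *o = (struct attr_model){ ip->i_uid, ip->i_gid, ip->i_mode };
    return 0;
}
static int tmpfs_getattr(const void *n, struct attr_model *o) {
    const struct tmpfs_node_model *tn = n;
    *o = (struct attr_model){ tn->tn_uid, tn->tn_gid, tn->tn_mode };
    return 0;
}
/* Constructed sample: the same 0640 file, owner 1001, group 100. */
static const struct ufs_inode_model ufs_file = { 1001, 100, 0640 };
static const struct tmpfs_node_model tmp_file = { 0640, 1001, 100 };
static const struct vnode_model ufs_vp = { ufs_getattr, &ufs_file };
static const struct vnode_model tmp_vp = { tmpfs_getattr, &tmp_file };

int main(void) {
    const struct cred_model other = { 1003, 200, false };
    printf("ufs=%d tmpfs=%d\n", vfs_access_model(&ufs_vp, &other, ACC_R),
           vfs_access_model(&tmp_vp, &other, ACC_R));
    return 0;
}
```

Because neither model filesystem carries a permission check of its own, a change to the policy in the shared routine applies to both at once.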
