Re: move audit/priviliage check into VFS
- From: "Howard Su" <howard0su@xxxxxxxxx>
- Date: Mon, 23 Apr 2007 16:22:32 -0700
On 4/23/07, Robert Watson <rwatson@xxxxxxxxxxx> wrote:
> Pawel and I have talked about this a bit in the past -- vaccess(9) and
> vaccess_acl_posix1e(9) were really the first step in abstracting file system
> access control decisions, and aren't a bad step -- they certainly cover a lot
> of the previously plentifully replicated cases (countless foo_access() VOP
> implementations). However, I think we should be restrained and do a bit of
> experimentation -- sometimes as much work could be done bundling up the common
> arguments to deliver them to a central access check as is done in having the
> access check appear in the calling code itself. Can we refine VOP_ACCESS() a
> bit further to get what we need, or do we need new common functions?

In FS dependent code, we don't only call VOP_ACCESS, but also check
some flags like ISUID, ISGID, NOUNLINK, APPEND, etc. This sort of
stuff is so easy to regress when I work on tmpfs, and it should be
almost the same code in all the FS. However, VFS doesn't have this sort of
information in the vnode structure. Can this be added?
--
-Howard