Subject: Re: Config File / Kernel Building
To: None <greywolf@defender.VAS.viewlogic.com>
From: Greg A. Woods <woods@kuma.web.net>
List: current-users
Date: 04/23/1996 21:55:05
[ On Tue, April 23, 1996 at 11:44:31 (PDT), greywolf@defender.vas.viewlogic.com wrote: ]
> Subject: Re: Config File / Kernel Building
>
> Swaps don't have/need superblocks; why not check for the existence of a
> filesystem superblock on the partition, which would undeniably mark it as
> non-swap...?

Indeed -- though that means you first have to explicitly over-write it
with something like "dd if=/dev/zero of=/dev/rsd0d" in order to re-use
an old partition as swap.  (The raw disk interface *does* return EOF
when writing past the logical end of a partition, doesn't it?!?!?!?)

> (Tangent)
> By the way, relying on the disk label to handle the filesystem type seems
> really bogus; it's the equivalent of what most systems used to do in
> having a mount table in each of kernel space and user-land.  If I want
> to make a filesystem on disk from a brand new partition, the system has
> no business looking at the disk label and telling me "You can't do that
> because it's not declared as a type X filesystem".  If it's present on
> the disk label, it should be taken as a suggestion so that newfs xxnp
> will do The Right Thing, but a "-fstype X" kind of option should override
> that suggestion.
> 
> ...or Did I Miss Something Here? [TM] :-)

Yes and no.  Your view of this feature suggests a "do what I want, not
what I should, and ignore everything I told you last time" attitude.

Having come from a more commercial and protective past I prefer the
approach of preventing you from tripping over your own mistakes by
adding double protection through policy enforcement in exactly the form
you seem to object to.

I.e. the disk label should indeed protect you from swapping to a
non-swap partition, writing to a non-writeable partition, and indeed
from creating a filesystem on a non-filesystem partition.

Further, if these protections are not desired, then indeed the type
identifying flags themselves should be totally eliminated in order to
prevent one from getting some sort of false sense of security.

In other words if the system allows me to tell it that a partition is of
a particular type or has a particular attribute, then I further require
that the system violently object when I (obviously mistakenly) try to
tell it to do something that would go against what I told it I meant
earlier.

After all it is (or should be) a relatively trivial procedure to
re-write the label with the newly intended attributes (after, of course,
complying with the defined policy required to be met before re-writing
disk labels, such as going down to single user mode).

If there are mechanisms that allow one to define policy, then there
should be un-breakable ways of enforcing the policy (i.e. forcing one to
change the policy definition if that's what you intend).

If you want policy mechanisms, then those mechanisms must be enforceable
and impossible to subvert, otherwise they are of negative value.

If you don't want to rely on the filesystem type in the disk label, then
get rid of it as it is not only meaningless, but misleading.  If you do
want that attribute present, then yes the system does have every right
to fail to follow your directions and tell you "You can't do that
because it's not declared as a type X filesystem."  I.e. if it's there
then it's not a suggestion, it's the rule.

BTW, I'm perfectly happy with a value for the attribute that says
"undefined", and thus effectively disables all related policy
mechanisms -- this is your "out" to freedom.

> (/Tangent)

;-)

-- 
							Greg A. Woods

+1 416 443-1734			VE3TCP			robohack!woods
Planix, Inc. <woods@planix.com>; Secrets Of The Weird <woods@weird.com>
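
The two checks discussed in this message, combined as an added example that is not part of the original message or of any NetBSD source: a declared label type is enforced as the rule, an "undefined" type disables that rule, and a partition still carrying an FFS superblock is refused as swap until it has been overwritten. The function and enum names are hypothetical; mapping "undefined" to the value 0 (`FS_UNUSED`) and the classic FFS superblock offsets are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Values mirror FS_UNUSED, FS_SWAP and FS_BSDFFS in BSD <sys/disklabel.h>. */
enum ptype { PT_UNUSED = 0, PT_SWAP = 1, PT_BSDFFS = 7 };
enum op { OP_SWAPON, OP_NEWFS };                 /* hypothetical names */
enum verdict { ALLOW, DENY_LABEL, DENY_SUPERBLOCK };

#define SB_OFF     8192u       /* byte offset of the primary FFS superblock */
#define MAGIC_OFF  1372u       /* offset of fs_magic inside struct fs */
#define FFS_MAGIC  0x011954u
#define SAMPLE_LEN 16384u

/* The superblock is stored in host byte order, so accept either order. */
int has_ffs_superblock(const uint8_t *p, size_t len)
{
    if (len < SB_OFF + MAGIC_OFF + 4)
        return 0;
    p += SB_OFF + MAGIC_OFF;
    uint32_t le = p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
    uint32_t be = p[3] | p[2] << 8 | p[1] << 16 | (uint32_t)p[0] << 24;
    return le == FFS_MAGIC || be == FFS_MAGIC;
}

/* A declared type is the rule; PT_UNUSED ("undefined") switches the rule off. */
enum verdict check_op(enum op op, enum ptype label, const uint8_t *part, size_t len)
{
    enum ptype want = (op == OP_SWAPON) ? PT_SWAP : PT_BSDFFS;
    if (label != PT_UNUSED && label != want)
        return DENY_LABEL;
    if (op == OP_SWAPON && has_ffs_superblock(part, len))
        return DENY_SUPERBLOCK;   /* must be overwritten before reuse as swap */
    return ALLOW;
}

/* Constructed sample: start of a partition, optionally carrying the magic. */
const uint8_t *sample_partition(int with_superblock)
{
    static uint8_t buf[SAMPLE_LEN];
    memset(buf, 0, sizeof buf);                  /* like dd if=/dev/zero */
    if (with_superblock)
        memcpy(buf + SB_OFF + MAGIC_OFF, "\x54\x19\x01\x00", 4);
    return buf;
}

int main(void)
{
    return check_op(OP_SWAPON, PT_SWAP, sample_partition(1), SAMPLE_LEN) == DENY_SUPERBLOCK ? 0 : 1;
}
```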