Re: Opencomm: proplib-based syscall

[Elad Efrat <elad%NetBSD.org@localhost>]

David Young wrote:
> On Tue, Apr 28, 2009 at 10:54:06PM +0300, Elad Efrat wrote:
> > On Tue, Apr 28, 2009 at 10:19 PM, Andrew Doran <ad%netbsd.org@localhost> wrote:
> > > Sorry but I don't like this either.
> > >
> > > - It's a new name space and a new channel when we already have reasonable
> > > ?ones in place.
> > I disagree. The file-system namespace is limited to the traditional
> > Unix permission bits when setting access control. The sysctl namespace
> > is a mess on that aspect as well (unless you want to introduce a
> > handler for each node). The syscall namespace is numbers, it's not
> > really a "namespace".
>
> To my mind, a namespace is a system of identifiers such as UNIX
> pathnames, sysctl dotted names, SNMP OIDs, ISBN, or the Dewey Decimal
> System.  It is not a system of access permissions.  I think that this is
> what Andrew had in mind, too.
>
> You may use a namespace to identify the discrete things that access
> permissions may adhere to.  I don't think that either the sysctl or
> filesystem namespace are particularly limiting for that purpose.

Access permissions need to be attached somehow to a name in a namespace
in order for them to be enforced when that name is accessed.

The only access permissions you can set on a filename are the
traditional Unix permission bits. I wrote fileassoc(9) especially to
somewhat relieve you from that annoyance (and not be limited to one
file-system implementation). Sysctl has different ways you can "attach"
things to a node, but the point is that it's not something the interface
provides.

-e.