tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Vnode scope



>Limitations:
>  - It's confusing that VOP_ACCESS() doesn't check access control, but
>we can document that...
>  - ACLs are limited to what our normalized representation can
>represent, but that's not a problem for now I guess
>  - Lots of changes to replace VOP_ACCESS() to vnode_authorize()
>
>Any thoughts on the above? anything I missed? do we want to do it that
>way? anything we should take into consideration?

So, some things come to mind.

First off, I don't see how this could work with, say, an AFS client.  People
will point out that we don't have an AFS client for a modern version of
NetBSD; that is true, but it's not an insurmountable problem; it just needs
someone to dedicate time to porting it (I wish I had the time; sadly, I
do not).

I don't think the normalized ACLs that NetBSD has are rich enough to support
all of the possibilies that are out there (especially in the case of network
filesystems).  Sure, it might work for our current filesystems, but what
happens when we want to add something new?  What, exactly, are we supposed
to do?

--Ken


Home | Main Index | Thread Index | Old Index