tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Vnode scope



On Sat, May 09, 2009 at 04:42:16PM +0300, Elad Efrat wrote:

> I would like to implement the vnode scope so we can use kauth(9) to
> authorize file-system related operations.
> 
> There are generally two ways we can go about that:
>   - Move access control to the VFS layer
>   - Keep access control in file-system specific code

Perhaps with tightly-controlled exceptions for performance reasons, I think
it needs to remain in the file-system specific code because:

- There are lots of different conventions and capabilities in this area,
  consider AFS, NFSv4, UFS+extattr, NTFS, ??. Without a plan to handle them
  all, pulling access control into VFS diminishes its generality in the
  short term.

- We have been discussing, and most of the interested parties agree, that we
  should take some portion of concurrency and lifecycle management off VFS,
  and put them back into the file systems. In that case VOP_ACCESS() would
  exist primarily to service the access() system call. There would be no
  immediate, cheap and easy way to ensure correct serialization across
  multiple operations (use VOP_ACCESS() to check ok, perform operation).


Home | Main Index | Thread Index | Old Index