tech-kern archive


Re: Vnode scope



Ken Hornstein wrote:
Limitations:
 - It's confusing that VOP_ACCESS() doesn't check access control, but
we can document that...
 - ACLs are limited to what our normalized representation can
represent, but that's not a problem for now I guess
 - Lots of changes to replace VOP_ACCESS() to vnode_authorize()

Any thoughts on the above? anything I missed? do we want to do it that
way? anything we should take into consideration?

So, some things come to mind.

First off, I don't see how this could work with, say, an AFS client.  People
will point out that we don't have an AFS client for a modern version of
NetBSD; that is true, but it's not an insurmountable problem; it just needs
someone to dedicate time to porting it (I wish I had the time; sadly, I
do not).

First, why wouldn't it work with an AFS client? (I don't know AFS)

Second, I don't think we should hold back on features, especially ones
that have the potential to work right away with all file-systems we have
*and* add ACLs to them -- all using kernel code that's already in
place -- because of one file-system that isn't even implemented.

I've heard "we're getting ACLs through extattrs very soon now" for
literally years, and given they're supported in FreeBSD and we have part
of the code in NetBSD, I'm going to be *very* skeptical about anything
before it makes it into the tree.

I don't think the normalized ACLs that NetBSD has are rich enough to support
all of the possibilities that are out there (especially in the case of network
filesystems).  Sure, it might work for our current filesystems, but what
happens when we want to add something new?  What, exactly, are we supposed
to do?

Read my other replies stating my solutions for not binding ourselves to
a normalized format. That said, I think what you're suggesting we should
be worried about has a very, very low probability of affecting us.

NetBSD has supported only traditional Unix permissions for 16 years.
Even though our kernel has some initial code (and just that) support for
extattrs (and ACLs) in just one file-system, nobody ever really cared
about implementing it. Trying to claim that a normalized form, that will
work with, what, ~10 file-systems we have now, will become irrelevant
when we add a file-system with features that we did not foresee is going
to be a problem is both non-realistic and a "rich man's problem"...

Thanks,

-e.

