Re: Vnode scope

To: tech-kern%NetBSD.org@localhost
Subject: Re: Vnode scope
From: Ken Hornstein <kenh%cmf.nrl.navy.mil@localhost>
Date: Mon, 11 May 2009 23:00:10 -0400

>First, why wouldn't it work with an AFS client? (I don't know AFS)
>
>Second, I don't think we should hold back on features, especially ones
>that have the potential to work right away with all file-systems we have
>have *and* add ACLs to them -- all using kernel code that's already in
>place -- because of one file-system that isn't even implemented.

Matt has already addressed these points, but to answer:

- From your description, all access decisions would be moved into the vnode
  layer, instead of particular filesystem layer.  AFS makes it's own
  authorization decisions using it's own identity space and it's own ACL
  structure (admittedly, a lot of that happens on the server, but not
  all).

- I was not aware of this before, but it sounds like Matt is almost finished
  with an implementation of an AFS client.

- If, like Matt said, each filesystem can create a kauth() listener to
  implement it's own authorization layer, then it will not be an issue.

- Is this the same thing that FreeBSD implemented?  I ask because you said
  that they're supported in FreeBSD...

--Ken

References:
- Re: Vnode scope
  - From: Elad Efrat

Prev by Date: Re: Vnode scope
Next by Date: Re: Vnode scope
Previous by Thread: Re: Vnode scope
Next by Thread: Re: Vnode scope
Indexes:

Home | Main Index | Thread Index | Old Index