Re: Vnode scope

[David Holland <dholland-tech%netbsd.org@localhost>]

On Tue, May 12, 2009 at 04:22:55AM +0300, Elad Efrat wrote:
 > Well, that's half true, and I've stated this as a shortcoming of my
 > proposal. However, keep in mind that we don't have NFSv4 (yet), nor
 > UFS extended attributes are getting used (I'm willing to bet that
 > nobody is using NetBSD with ACLs in extattrs). Can't comment on what
 > sort of access control AFS provides, but I'm pretty sure that if NTFS
 > had ACL support it would not be listed as the last item in its TODO
 > list along with a comment that states "though usefullness of such
 > feature is arguable".

These are all things we *should* have, and rearchitecting the system
so they won't work is not a step in the right direction.

 > I'm not aware of the complete details of what the parties who
 > discussed this idea decided, but I will point out that people expect a
 > way to write code that goes like "if (this_is_allowed) { do_it(); }",
 > and taking that a way is a serious regression (think TOCTOU races).

Yes, that's the point. The intent is to move a lot more locking
operations inside the FSes and out of VFS code; the associated access
checks need to be done inside the lock scope and therefore would need
to be in the FS.

-- 
David A. Holland
dholland%netbsd.org@localhost