tech-kern archive
Re: Vnode scope implementation
On Thu, Jul 16, 2009 at 5:10 PM, YAMAMOTO Takashi <yamt%mwd.biglobe.ne.jp@localhost> wrote:
> - where filesystem-dependent native ACLs would be implemented?
> in ufs_check_permitted?
Yes.
> - for what kauth_authorize_vnode takes "error" returned from
> ufs_check_permitted?
Imagine what happens if no secmodels are loaded (but we do have
listeners, say, for logging). The result inside kauth(9) will be
"EPERM" (because we'll receive a KAUTH_RESULT_DEFER and no
KAUTH_RESULT_ALLOW). Legit operations of e.g. me accessing my files
will be denied. Therefore, we provide a "subsystem result" for
kauth(9) to (a) pass on to listeners in case these are interested in
it and (b) return in case no secmodels are loaded so we fail-close but
not render the system unusable.
Thanks,
-e.
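
The fallback described in this message, as an added user-space C model (not code from the message or from NetBSD). The listener signature, the listener functions and `authorize_vnode` are hypothetical names; treating any deny as final, and returning EPERM when everyone defers while a secmodel is loaded, are assumptions.

```c
/* User-space model of the message's description; not NetBSD kernel code. */
#include <errno.h>
#include <stddef.h>

enum kauth_result { KAUTH_RESULT_ALLOW, KAUTH_RESULT_DENY, KAUTH_RESULT_DEFER };
/* Hypothetical listener signature: each listener is shown the subsystem result. */
typedef enum kauth_result (*listener_fn)(int fs_error);
static int last_logged = -1;    /* verdict the logging listener saw last */

/* Logging listener: records the file system's verdict, never decides. */
static enum kauth_result log_listener(int fs_error)
{
    last_logged = fs_error;
    return KAUTH_RESULT_DEFER;
}

/* Stand-in for a secmodel listener that vetoes the request. */
static enum kauth_result deny_listener(int fs_error)
{
    (void)fs_error;
    return KAUTH_RESULT_DENY;
}

/* Constructed listener sets used to exercise the model. */
static const listener_fn logging_only[] = { log_listener };
static const listener_fn logging_and_veto[] = { log_listener, deny_listener };

/* fs_error: 0 or an errno from the file system's own check
 * (ufs_check_permitted in the thread); nsecmodels: loaded secmodels. */
static int authorize_vnode(const listener_fn *ls, size_t n, int nsecmodels, int fs_error)
{
    int allowed = 0;
    for (size_t i = 0; i < n; i++) {
        enum kauth_result r = ls[i](fs_error);
        if (r == KAUTH_RESULT_DENY)
            return EPERM;           /* assumption: any veto is final */
        if (r == KAUTH_RESULT_ALLOW)
            allowed = 1;
    }
    if (allowed)
        return 0;
    /* Everyone deferred: with no secmodel loaded, the file system decides. */
    return nsecmodels == 0 ? fs_error : EPERM;
}

int main(void)
{
    return authorize_vnode(logging_only, 1, 0, 0) != 0 ||
           authorize_vnode(logging_and_veto, 2, 0, 0) != EPERM;
}
```

With only the logging listener and no secmodel, the caller gets exactly what the file system decided, so an owner's access succeeds and a file system refusal is still a refusal.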