tech-kern archive


Re: Vnode scope implementation

On Thu, Jul 16, 2009 at 5:10 PM, YAMAMOTO Takashi wrote:

> - where filesystem-dependent native ACLs would be implemented?
>  in ufs_check_permitted?


> - for what kauth_authorize_vnode takes "error" returned from
>  ufs_check_permitted?

Imagine what happens if no secmodels are loaded (but we do have
listeners, say, for logging). The result inside kauth(9) will be
"EPERM" (because we'll receive a KAUTH_RESULT_DEFER and no
KAUTH_RESULT_ALLOW). Legit operations of e.g. me accessing my files
will be denied. Therefore, we provide a "subsystem result" for
kauth(9) to (a) pass on to listeners in case these are interested in
it and (b) return in case no secmodels are loaded so we fail-close but
not render the system unusable.
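
The fallback described in the message above, as an added example that is not part of the original post and not NetBSD source: a simplified userland model of how listener results and the subsystem error could be combined. All names (`model_authorize`, `RESULT_*`, the sample listeners) are hypothetical, and `EPERM` as the default denial follows the wording of the message.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the allow/deny/defer results a listener returns. */
enum result { RESULT_ALLOW, RESULT_DENY, RESULT_DEFER };
typedef enum result (*listener_fn)(int fs_error);

/* Logging-only listener: sees the subsystem result, never decides. */
static enum result logging_listener(int fs_error) { (void)fs_error; return RESULT_DEFER; }
/* Constructed secmodel that agrees with the file system's own check. */
static enum result follow_fs_secmodel(int fs_error)
{
    return fs_error == 0 ? RESULT_ALLOW : RESULT_DENY;
}

/* fs_error is the "subsystem result": 0 or an errno from the file system check. */
int model_authorize(const listener_fn *ls, size_t n, size_t nsecmodels, int fs_error)
{
    int allow = 0, deny = 0;
    for (size_t i = 0; i < n; i++) {
        enum result r = ls[i](fs_error);   /* (a) every listener sees fs_error */
        if (r == RESULT_ALLOW) allow = 1;
        if (r == RESULT_DENY) deny = 1;
    }
    if (deny) return EPERM;                /* any explicit deny wins */
    if (allow) return 0;
    if (nsecmodels == 0) return fs_error;  /* (b) no secmodel: use subsystem result */
    return EPERM;                          /* secmodel loaded, nobody allowed: fail closed */
}

/* Scenarios: listeners only, a deciding secmodel, a secmodel that stays silent. */
int log_only(int fs_error)
{ listener_fn l[] = { logging_listener }; return model_authorize(l, 1, 0, fs_error); }
int with_secmodel(int fs_error)
{ listener_fn l[] = { logging_listener, follow_fs_secmodel }; return model_authorize(l, 2, 1, fs_error); }
int secmodel_defers(int fs_error)
{ listener_fn l[] = { logging_listener }; return model_authorize(l, 1, 1, fs_error); }

int main(void)
{
    printf("log only, fs allows:      %d\n", log_only(0));
    printf("log only, fs denies:      %d\n", log_only(EACCES));
    printf("secmodel, fs denies:      %d\n", with_secmodel(EACCES));
    printf("secmodel silent, fs ok:   %d\n", secmodel_defers(0));
    return 0;
}
```
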


