tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Vnode scope implementation



On Sun, Jul 19, 2009 at 10:32 AM, YAMAMOTO
Takashi<yamt%mwd.biglobe.ne.jp@localhost> wrote:
> hi,
>
>>> - for what kauth_authorize_vnode takes "error" returned from
>>>  ufs_check_permitted?
>>
>> Imagine what happens if no secmodels are loaded (but we do have
>> listeners, say, for logging). The result inside kauth(9) will be
>> "EPERM" (because we'll receive a KAUTH_RESULT_DEFER and no
>> KAUTH_RESULT_ALLOW). Legit operations of e.g. me accessing my files
>> will be denied. Therefore, we provide a "subsystem result" for
>
> i don't think operations will be denied in that case
> because nsecmodels == 0.

Err... right. They won't be denied, they wil *all* be allowed (I
forgot we had that !nsecmodels there). :)

I'd like it to work this way: if no secmodels are loaded, return what
the file-system decided. Ideally "what the file-system decided" will
also be implemented as a listener that the file-system registers, but
then we will have N listeners on the vnode scope which means a lot
more function calls on file-system operations, whereas if we make our
decision "internally" we don't have to have a listener for each
file-system. It was a question of performance.

-e.


Home | Main Index | Thread Index | Old Index