Re: Vnode scope implementation

To: YAMAMOTO Takashi <yamt%mwd.biglobe.ne.jp@localhost>
Subject: Re: Vnode scope implementation
From: Elad Efrat <elad%NetBSD.org@localhost>
Date: Sun, 19 Jul 2009 15:00:19 +0300

On Sun, Jul 19, 2009 at 10:32 AM, YAMAMOTO
Takashi<yamt%mwd.biglobe.ne.jp@localhost> wrote:
> hi,
>
>>> - for what kauth_authorize_vnode takes "error" returned from
>>>  ufs_check_permitted?
>>
>> Imagine what happens if no secmodels are loaded (but we do have
>> listeners, say, for logging). The result inside kauth(9) will be
>> "EPERM" (because we'll receive a KAUTH_RESULT_DEFER and no
>> KAUTH_RESULT_ALLOW). Legit operations of e.g. me accessing my files
>> will be denied. Therefore, we provide a "subsystem result" for
>
> i don't think operations will be denied in that case
> because nsecmodels == 0.

Err... right. They won't be denied, they wil *all* be allowed (I
forgot we had that !nsecmodels there). :)

I'd like it to work this way: if no secmodels are loaded, return what
the file-system decided. Ideally "what the file-system decided" will
also be implemented as a listener that the file-system registers, but
then we will have N listeners on the vnode scope which means a lot
more function calls on file-system operations, whereas if we make our
decision "internally" we don't have to have a listener for each
file-system. It was a question of performance.

-e.

References:
- Re: Vnode scope implementation
  - From: Elad Efrat
- Re: Vnode scope implementation
  - From: YAMAMOTO Takashi

Prev by Date: Re: Vnode scope implementation
Next by Date: Re: Vnode scope implementation
Previous by Thread: Re: Vnode scope implementation
Next by Thread: Re: Vnode scope implementation
Indexes:

Home | Main Index | Thread Index | Old Index