tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Vnode scope implementation

Am 19.07.2009 um 14:58 schrieb Elad Efrat:

On Sun, Jul 19, 2009 at 3:49 PM, YAMAMOTO Takashi< > wrote:

On Sun, Jul 19, 2009 at 10:34 AM, YAMAMOTO
Takashi<> wrote:

can you explain what's the point to call kauth when fs_decision is
already non-0?
i don't think it's a good idea to let kauth allow operations which
have already been rejected by the filesystem itself.

I think it's a very good idea, because then kauth(9) can implement MACs.

can you explain how it's required for MAC?  it isn't clear to me.

Consider a file owned by yamt:yamt (say, 1000:1000) with permissions
0600. Let's say root is trying to access that file. Because root has
euid 0, and the file has uid 1000, the file-system will deny access
due to uid mismatch. However, once kauth(9) gets a chance to flip the

huh? since when can root not access a file with 0600 permission of any user?
are you sure you are running unix there?

decision, it can say, "but really, euid 0 should have access to this

Consider also someone trying to create an "isolating" secmodel, where
once a uid is in the list, it can't do anything. If you can't flip
decisions, the file-system will allow it to access its own files, no?


Home | Main Index | Thread Index | Old Index