Re: Vnode scope implementation

To: Elad Efrat <elad%NetBSD.org@localhost>
Subject: Re: Vnode scope implementation
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Sun, 19 Jul 2009 09:47:51 -0400

On Sun, Jul 19, 2009 at 02:53:09PM +0300, Elad Efrat wrote:
> On Sun, Jul 19, 2009 at 10:34 AM, YAMAMOTO
> Takashi<yamt%mwd.biglobe.ne.jp@localhost> wrote:
> 
> > can you explain what's the point to call kauth when fs_decision is
> > already non-0?
> > i don't think it's a good idea to let kauth allow operations which
> > have already been rejected by the filesystem itself.
> 
> I think it's a very good idea, because then kauth(9) can implement MACs.

That doesn't make sense to me.  Operations rejected by the filesystem
itself are probably semantically invalid for that type of filesystem.

-- 
Thor Lancelot Simon                                        
tls%rek.tjls.com@localhost
    "Even experienced UNIX users occasionally enter rm *.* at the UNIX
     prompt only to realize too late that they have removed the wrong
     segment of the directory structure." - Microsoft WSS whitepaper

Follow-Ups:
- Re: Vnode scope implementation
  - From: Elad Efrat

References:
- Re: Vnode scope implementation
  - From: Elad Efrat
- Re: Vnode scope implementation
  - From: YAMAMOTO Takashi
- Re: Vnode scope implementation
  - From: Elad Efrat

Prev by Date: Re: GPIO revisited
Next by Date: Re: GPIO revisited
Previous by Thread: Re: Vnode scope implementation
Next by Thread: Re: Vnode scope implementation
Indexes:

Home | Main Index | Thread Index | Old Index