tech-kern archive


Re: Vnode scope implementation



hi,

>> can you explain how it's required for MAC?  it isn't clear to me.
> 
> Consider a file owned by yamt:yamt (say, 1000:1000) with permissions
> 0600. Let's say root is trying to access that file. Because root has
> euid 0, and the file has uid 1000, the file-system will deny access
> due to uid mismatch. However, once kauth(9) gets a chance to flip the
> decision, it can say, "but really, euid 0 should have access to this
> file".

thanks for the explanation.
while i don't see its relation to MAC, i think i understand
your intention. :)

i have a few more questions.

- what about the locking protocol?
  in other words, what can and can't a listener do?
  while i think that it's a weak area of our kauth in general,
  i'm curious especially about this scope because it likely involves
  vnode locks.

- what's your plan about filesystems for which it might be impossible
  to alter the filesystem's decisions?  e.g. nfs

YAMAMOTO Takashi

