[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Vnode scope implementation
>> can you explain how it's required for MAC? it isn't clear to me.
> Consider a file owned by yamt:yamt (say, 1000:1000) with permissions
> 0600. Let's say root is trying to access that file. Because root has
> euid 0, and the file has uid 1000, the file-system will deny access
> due to uid mismatch. However, once kauth(9) gets a chance to flip the
> decision, it can say, "but really, euid 0 should have access to this
thanks for explanation.
while i don't see its relation to MAC, i think i understand
your intention. :)
i have a few more questions.
- what about the locking protocol?
in other words, what can and can't a listener do?
while i think that it's a weak area of our kauth in general,
i'm curious especially about this scope because it likely involves
- what's your plan about filesystems for which it can might impossible
to alter filesystem's decisions? eg. nfs
Main Index |
Thread Index |