tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Vnode scope implementation


>> can you explain how it's required for MAC?  it isn't clear to me.
> Consider a file owned by yamt:yamt (say, 1000:1000) with permissions
> 0600. Let's say root is trying to access that file. Because root has
> euid 0, and the file has uid 1000, the file-system will deny access
> due to uid mismatch. However, once kauth(9) gets a chance to flip the
> decision, it can say, "but really, euid 0 should have access to this
> file".

thanks for explanation.
while i don't see its relation to MAC, i think i understand
your intention. :)

i have a few more questions.

- what about the locking protocol?
  in other words, what can and can't a listener do?
  while i think that it's a weak area of our kauth in general,
  i'm curious especially about this scope because it likely involves
  vnode locks.

- what's your plan about filesystems for which it can might impossible
  to alter filesystem's decisions?  eg. nfs


Home | Main Index | Thread Index | Old Index