[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Vnode scope implementation
On Wed, Jul 22, 2009 at 11:05 AM, YAMAMOTO
> i have a few more questions.
> - what about the locking protocol?
> in other words, what can and can't a listener do?
> while i think that it's a weak area of our kauth in general,
> i'm curious especially about this scope because it likely involves
> vnode locks.
That is indeed a weak point with kauth(9) at the moment. If you
remember, a long time ago we decided to add an assertion for being
able to sleep in kauth_authorize_action() or such, and quickly gave up
on it. :)
I was under the impression that the VFS locking protocol is about to
change at some point, which resulted in the decision to place the
authorization call inside the file-systems rather than outside as I
originally proposed. Since, at this point, I don't know exactly what
the new locking protocol will be, I can't really comment on it.
> - what's your plan about filesystems for which it can might impossible
> to alter filesystem's decisions? eg. nfs
I don't have a plan for NFS yet. Does it affect the kauth(9)
integration with all of our other file-systems, though?
Main Index |
Thread Index |