tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Vnode scope implementation

On Sun, Jul 26, 2009 at 5:51 PM, YAMAMOTO 
Takashi<> wrote:

>> Well, I'm not too familiar with NFS, so let's see. Where do things
>> start falling apart when NFS comes into the equation?
> for nfs, the permission check is done on the server.
> so kauth can't allow operations which is denied by the filesystem.
> ie. kauth can't have the final word.

Oh, I thought that was a given because we don't control the kernel of
another computer (a similar issue exists with Veriexec, see
veriexec(9)'s caveats section, "remote file-systems").

Kauth(9) can obviously not explicitly allow something the remote
file-system will decide to prevent, but IIUC it can prevent what the
remote file-system would allow (unless your NFS communication does not
go through the kernel and kauth(9)?). Should we enforce that
limitation on all file-systems, or make remote file-systems an
exception? Veriexec sets a precedent of the latter, which I think
makes sense. Do you have something else in mind?



Home | Main Index | Thread Index | Old Index