[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Vnode scope implementation
> Oh, I thought that was a given because we don't control the kernel of
> another computer (a similar issue exists with Veriexec, see
> veriexec(9)'s caveats section, "remote file-systems").
yes, it's one of the reasons i don't like veriexec. :-)
> but IIUC it can prevent what the
> remote file-system would allow
sometimes it can, but in general it can't.
1. a client sends a request to a server.
2. the server decided to allow the operation, and actually process it,
and return the result to the client.
ie. you don't have a chance to pass "fs_decision" to kauth.
> Should we enforce that
> limitation on all file-systems, or make remote file-systems an
> exception? Veriexec sets a precedent of the latter, which I think
> makes sense. Do you have something else in mind?
i'm not sure if "remote file-systems or not" is a good classification
Main Index |
Thread Index |