tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Vnode scope implementation


> Oh, I thought that was a given because we don't control the kernel of
> another computer (a similar issue exists with Veriexec, see
> veriexec(9)'s caveats section, "remote file-systems").

yes, it's one of the reasons i don't like veriexec. :-)

> but IIUC it can prevent what the
> remote file-system would allow

sometimes it can, but in general it can't.

1. a client sends a request to a server.
2. the server decided to allow the operation, and actually process it,
  and return the result to the client.

ie. you don't have a chance to pass "fs_decision" to kauth.

> Should we enforce that
> limitation on all file-systems, or make remote file-systems an
> exception? Veriexec sets a precedent of the latter, which I think
> makes sense. Do you have something else in mind?

i'm not sure if "remote file-systems or not" is a good classification


> Thanks,
> -e.

Home | Main Index | Thread Index | Old Index