Re: Vnode scope implementation

To: YAMAMOTO Takashi <yamt%mwd.biglobe.ne.jp@localhost>
Subject: Re: Vnode scope implementation
From: Elad Efrat <elad%NetBSD.org@localhost>
Date: Fri, 21 Aug 2009 11:11:39 -0400

On Fri, Aug 21, 2009 at 7:17 AM, Marc Balmer<marc%msys.ch@localhost> wrote:
>
> Am 21.08.2009 um 12:32 schrieb YAMAMOTO Takashi:
>>>>>
>>>>> I don't see any reason to hold with implementing the vnode scope just
>>>>> because we can't control operations on a remote host. Therefore, I'll
>>>>> give it a few more days (just in case) before moving forward.
>>>>
>>>> what will you do for nfs etc, by "moving forward"?
>>>> do nothing and give up mandating the use of vnode scope?
>>>
>>> I think it's quite clear that in the case of networked file systems it
>>> is always the serving machine that has "the last word" on security
>>> decisions and restrictions.  So while a nfs client could tighten
>>> restrictions, it can not loosen them.  I think this is a fact we have
>>> to live with.
>>
>> sure.  i'm asking how will we live with the fact.
>
> personally I am fine if the fact is well documented, so that users are aware
> of he implications.

Exactly what Marc said (thanks! :).

-e.

Follow-Ups:
- Re: Vnode scope implementation
  - From: YAMAMOTO Takashi

References:
- Re: Vnode scope implementation
  - From: Marc Balmer
- Re: Vnode scope implementation
  - From: YAMAMOTO Takashi
- Re: Vnode scope implementation
  - From: Marc Balmer

Prev by Date: Re: Vnode scope implementation
Next by Date: proposed sysctl(9) changes
Previous by Thread: Re: Vnode scope implementation
Next by Thread: Re: Vnode scope implementation
Indexes:

Home | Main Index | Thread Index | Old Index