[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Vnode scope implementation
On Sun, Aug 23, 2009 at 11:15 AM, YAMAMOTO
> ok, you will document it. it's fine.
Good. Btw, could this:
be another manifestation of a similar issue...?
> let me repeat my questions.
> do you mean that nothing except documentation will be done for nfs?
At least for now, yes, nothing except documentation will be done for nfs.
> does it mean the use of the vnode scope is optional and a filesystem is
> free to choose not using it, right?
No, what is your reasoning here?
It means that if a file-system's security policy effectively comes
from a host that you have no control over, you can not explicitly
allow an operation because you don't have the last word, but you can
certainly short-circuit and deny the operation.
It's very similar to a firewall running on machine A allowing all
outbound communication to port 80, but that will be of little meaning
if the remote host B does not allow any inbound communication to port
Main Index |
Thread Index |