tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Vnode scope implementation

On Sun, Aug 23, 2009 at 11:15 AM, YAMAMOTO
Takashi<> wrote:

> ok, you will document it.  it's fine.

Good. Btw, could this:

be another manifestation of a similar issue...?

> let me repeat my questions.
> do you mean that nothing except documentation will be done for nfs?

At least for now, yes, nothing except documentation will be done for nfs.

> does it mean the use of the vnode scope is optional and a filesystem is
> free to choose not using it, right?

No, what is your reasoning here?

It means that if a file-system's security policy effectively comes
from a host that you have no control over, you can not explicitly
allow an operation because you don't have the last word, but you can
certainly short-circuit and deny the operation.

It's very similar to a firewall running on machine A allowing all
outbound communication to port 80, but that will be of little meaning
if the remote host B does not allow any inbound communication to port


Home | Main Index | Thread Index | Old Index