[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Vnode scope implementation
> On Sun, Aug 23, 2009 at 11:15 AM, YAMAMOTO
> Takashi<yamt%mwd.biglobe.ne.jp@localhost> wrote:
>> ok, you will document it. it's fine.
> Good. Btw, could this:
> be another manifestation of a similar issue...?
it just means that not all filesystems are ufs-feature-compatible.
>> let me repeat my questions.
>> do you mean that nothing except documentation will be done for nfs?
> At least for now, yes, nothing except documentation will be done for nfs.
>> does it mean the use of the vnode scope is optional and a filesystem is
>> free to choose not using it, right?
> No, what is your reasoning here?
what do you mean by "No"? it won't be optional?
it can't be mandated because it's simply impossible for some filesystems.
> It means that if a file-system's security policy effectively comes
> from a host that you have no control over, you can not explicitly
> allow an operation because you don't have the last word, but you can
> certainly short-circuit and deny the operation.
sometimes you can't short-circuit with the suggested api because you
need to get "fs_decision" first.
> It's very similar to a firewall running on machine A allowing all
> outbound communication to port 80, but that will be of little meaning
> if the remote host B does not allow any inbound communication to port
Main Index |
Thread Index |