Re: ACL patch

To: Andrew Doran <ad%netbsd.org@localhost>
Subject: Re: ACL patch
From: Christos Zoulas <christos%zoulas.com@localhost>
Date: Sun, 10 May 2020 09:48:10 -0400

Maybe I missed it but I didn't see a way for cache_lookup_linked() and
cache_have_id() to know a vnode has ACLs. The presence of ACLs means those
routines can't do their imitation of VOP_ACCESS() and need to fail so that
the lookup is handled by VOP_LOOKUP(). To handle that on a per-vnode basis
you'd want to flag the "has ACLs" fact when an inode is loaded, and do the
same when an ACL is added to an in-core inode. I'll look into it over the
next few days unless you want to take care of it.

So I looked into this a bit and genfs_can_access() is also used by cache_revlookup.

I am not sure what to do here. It is simple enough to add a flag to the vnode to indicate

if it has ACLs, but is it the right thing to do?

Best,

christos

Attachment: signature.asc
Description: Message signed with OpenPGP

Follow-Ups:
- Re: ACL patch
  - From: Andrew Doran

References:
- ACL patch
  - From: Christos Zoulas
- Re: ACL patch
  - From: Andrew Doran
- Re: ACL patch
  - From: Christos Zoulas

Prev by Date: Re: Patching sdmmmc capabilities for old controllers
Next by Date: Initial entropy with no HWRNG
Previous by Thread: Re: ACL patch
Next by Thread: Re: ACL patch
Indexes:

Home | Main Index | Thread Index | Old Index