Re: ACL patch

To: Christos Zoulas <christos%zoulas.com@localhost>
Subject: Re: ACL patch
From: Andrew Doran <ad%netbsd.org@localhost>
Date: Tue, 12 May 2020 22:37:27 +0000

On Sun, May 10, 2020 at 09:48:10AM -0400, Christos Zoulas wrote:
> 
> > Maybe I missed it but I didn't see a way for cache_lookup_linked() and
> > cache_have_id() to know a vnode has ACLs.  The presence of ACLs means those
> > routines can't do their imitation of VOP_ACCESS() and need to fail so that
> > the lookup is handled by VOP_LOOKUP().  To handle that on a per-vnode basis
> > you'd want to flag the "has ACLs" fact when an inode is loaded, and do the
> > same when an ACL is added to an in-core inode.  I'll look into it over the
> > next few days unless you want to take care of it.
> 
> So I looked into this a bit and genfs_can_access() is also used by  cache_revlookup.
> I am not sure what to do here. It is simple enough to add a flag to the vnode to indicate
> if it has ACLs, but is it the right thing to do?

I tried to pull down your patch again over the weekend to take a look but it
was gone.  The best place for a flag would be cache_enter_id() since it
deals with the necessary synchronisation.  I'll see about adding a flag now.
In addition to the places it's called now it would need to be called
whenever an inode gains an ACL.

Andrew

Follow-Ups:
- Re: ACL patch
  - From: Andrew Doran

References:
- ACL patch
  - From: Christos Zoulas
- Re: ACL patch
  - From: Andrew Doran
- Re: ACL patch
  - From: Christos Zoulas
- Re: ACL patch
  - From: Christos Zoulas

Prev by Date: Re: Initial entropy with no HWRNG
Next by Date: Re: ACL patch
Previous by Thread: Re: ACL patch
Next by Thread: Re: ACL patch
Indexes:

Home | Main Index | Thread Index | Old Index