tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ACLs

On Jun,Saturday 27 2009, at 7:50 PM, Elad Efrat wrote:


As a quick "proof of concept" for generic ACLs (i.e., no file-system
support is required), I've implemented ACLs on top of kauth(9)'s
future "vnode" scope, fileassoc(9), and proplib. It's unfit for
production use as it is -- you might notice there aren't too many
"frees" in the code and that it's very bare bones -- but I'm posting
it anyway to get an opinion from people and see if anyone's even
interested in something like that in NetBSD, and perhaps others have
features they'd like to see implemented.

Do you plan to make this ACL implementation POSIX compatible ? One of
missing NetBSD features which I have found during ZFS port are posix ACLs.

Note that the vnode scope implementation is (obviously) not present,
but should be trivial to add.

Another missing feature is vnode kauth scope [1].




Home | Main Index | Thread Index | Old Index