Re: Vnode scope

To: tech-kern%NetBSD.org@localhost
Subject: Re: Vnode scope
From: Ken Hornstein <kenh%cmf.nrl.navy.mil@localhost>
Date: Mon, 11 May 2009 15:37:37 -0400

>Limitations:
>  - It's confusing that VOP_ACCESS() doesn't check access control, but
>we can document that...
>  - ACLs are limited to what our normalized representation can
>represent, but that's not a problem for now I guess
>  - Lots of changes to replace VOP_ACCESS() to vnode_authorize()
>
>Any thoughts on the above? anything I missed? do we want to do it that
>way? anything we should take into consideration?

So, some things come to mind.

First off, I don't see how this could work with, say, an AFS client.  People
will point out that we don't have an AFS client for a modern version of
NetBSD; that is true, but it's not an insurmountable problem; it just needs
someone to dedicate time to porting it (I wish I had the time; sadly, I
do not).

I don't think the normalized ACLs that NetBSD has are rich enough to support
all of the possibilies that are out there (especially in the case of network
filesystems).  Sure, it might work for our current filesystems, but what
happens when we want to add something new?  What, exactly, are we supposed
to do?

--Ken

Follow-Ups:
- Re: Vnode scope
  - From: Elad Efrat
- Re: Vnode scope
  - From: Matt Benjamin

References:
- Vnode scope
  - From: Elad Efrat

Prev by Date: Re: kern/41189: kernel panic xen dom0 using mke2fs & WAPBL
Next by Date: Re: Vnode scope
Previous by Thread: Vnode scope
Next by Thread: Re: Vnode scope
Indexes:

Home | Main Index | Thread Index | Old Index