Re: Vnode scope

[Matt Benjamin <matt%linuxbox.com@localhost>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

(Actually, I have submitted to openafs.org a patch which does most of
the porting work for a recent client--it provides a loadable client
that works to the point of hitting some vnode recycling issues.
There's vm work to be done, as well.  It's probably on for the summer
time frame to finish...)

Anyway, it does seem problematic to require every fs to present a
normalised representation of ACLs.  However, my impression was that
kauth was sufficiently flexible as to allow (for this use) the fs to
implement it's own security policy though the implementation of new
listener(s).  Would that be a possibility for vnode scope?

Matt

Ken Hornstein wrote:
>
>
> First off, I don't see how this could work with, say, an AFS client. 
People
> will point out that we don't have an AFS client for a modern version of
> NetBSD; that is true, but it's not an insurmountable problem; it just needs
> someone to dedicate time to porting it (I wish I had the time; sadly, I
> do not).
>
> I don't think the normalized ACLs that NetBSD has are rich enough to
support
> all of the possibilies that are out there (especially in the case of
network
> filesystems).  Sure, it might work for our current filesystems, but what
> happens when we want to add something new?  What, exactly, are we supposed
> to do?
>
> --Ken

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKCIgfJiSUUSaRdSURCLnBAJwNWGZWKoZtpeAJzRFdzyM06FepUwCfQaEI
GRDM+nSy98RDK/OddKrZV4w=
=004v
-----END PGP SIGNATURE-----