Re: Vnode scope implementation

To: elad%NetBSD.org@localhost
Subject: Re: Vnode scope implementation
From: yamt%mwd.biglobe.ne.jp@localhost (YAMAMOTO Takashi)
Date: Sun, 19 Jul 2009 12:49:01 +0000 (UTC)

hi,

> On Sun, Jul 19, 2009 at 10:34 AM, YAMAMOTO
> Takashi<yamt%mwd.biglobe.ne.jp@localhost> wrote:
> 
>> can you explain what's the point to call kauth when fs_decision is
>> already non-0?
>> i don't think it's a good idea to let kauth allow operations which
>> have already been rejected by the filesystem itself.
> 
> I think it's a very good idea, because then kauth(9) can implement MACs.

can you explain how it's required for MAC?  it isn't clear to me.

YAMAMOTO Takashi

> 
> -e.

Follow-Ups:
- Re: Vnode scope implementation
  - From: Elad Efrat

References:
- Re: Vnode scope implementation
  - From: Elad Efrat

Prev by Date: Re: Vnode scope implementation
Next by Date: Re: Vnode scope implementation
Previous by Thread: Re: Vnode scope implementation
Next by Thread: Re: Vnode scope implementation
Indexes:

Home | Main Index | Thread Index | Old Index