From: Thomas Sparrevohn
To: trustedbsd-discuss@freebsd.org
Date: Fri, 10 Mar 2006 23:19:35 +0000
Subject: Re: question about MAC policy modules on 6.0

On Thursday 09 March 2006 14:09, Robert Watson wrote:
> On Wed, 8 Mar 2006, Hiroki Sato wrote:
> > 4) mount_ufs(8) multilabel option
> >
> > mount_ufs(8) has multilabel option for the MAC label, but it
> > seems broken ("tunefs -l enable" works, though). I am not sure
> > the attached patch (the second one) is correct, but it should
> > fix this.
>

Just for the record, the "multilabel" option in fstab works in 7.0 - maybe it was missed in one of the MFCs?

> It's been a while since I've looked at this code, and have not had a chance
> to test your patch as yet. The desired behavior is that mount be able to
> report that multilabel is set on the file system, and request that it be
> set when mounting the file system, but that the flag cannot be changed
> while running. The cache model on vnode labels basically means we assume
> the underlying label storage won't change except through the supported MAC
> APIs, and the mechanisms are not in place to walk the current vnode list to
> re-synchronize if the backing store changes (i.e., is enabled). So as long
> as your patch doesn't add the ability to modify the flag at run-time, it
> sounds good to me. In principle the kernel shouldn't allow it regardless
> of what mount requests, of course.
>
> Robert N M Watson