From owner-freebsd-arch@FreeBSD.ORG Sun Apr 22 22:25:39 2007 Return-Path: X-Original-To: arch@freebsd.org Delivered-To: freebsd-arch@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 37F4916A407 for ; Sun, 22 Apr 2007 22:25:39 +0000 (UTC) (envelope-from howard0su@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.178]) by mx1.freebsd.org (Postfix) with ESMTP id ED8FF13C45E for ; Sun, 22 Apr 2007 22:25:38 +0000 (UTC) (envelope-from howard0su@gmail.com) Received: by py-out-1112.google.com with SMTP id f31so1133281pyh for ; Sun, 22 Apr 2007 15:25:38 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=m9LaQg11pXWpxEnDcCO63l+ZaDk+iL/rQ5h1RJ+01kePBoaC5/GEBGAr+SAobGapEyCTqA1fWqQ8StjeFPk6kBtPp879JZsmf18n1KIkE59Mjv0oF1qP+g0CYSNM8dVk2z3og14Hab4TywpG0Qndl8wP0clJGSXK5av4/DfoB6c= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=px4zOP4MFrNrqPyXrec2u1i6xDTLrtnkIoPbT1M9ZkxTOEi+MrQJw6R+KZwjozJYmao0VqO7h5T1l/ecxbhtgrXhRn3hNk6jgoSRYXGhpsl09r8xPIilmUIK9Xi+WqT6kViBgfnfTi0P0V7fsAd5BZeVz8d4F2TelT0G3tOr2+w= Received: by 10.35.98.3 with SMTP id a3mr9733244pym.1177279110991; Sun, 22 Apr 2007 14:58:30 -0700 (PDT) Received: by 10.35.54.15 with HTTP; Sun, 22 Apr 2007 14:58:30 -0700 (PDT) Message-ID: Date: Sun, 22 Apr 2007 14:58:30 -0700 From: "Howard Su" To: "Pawel Jakub Dawidek" , arch@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Cc: Subject: move audit/priviliage check into VFS X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Apr 2007 22:25:39 -0000 When I working on tmpfs privilege, I need copy a lot of privilege check code from UFS. I suppose there is same problem in ZFS. So moving this sort of privilege code into VFS will reduce a lot of duplicate code and also make fs implementation simple and consistent in security thing. Besides that, some quota/extattr feature can be also implement in VFS layer. I suppose the fact today that a lot of stuffs are UFS related is because we have VFS after UFS. So VFS only abstracts the common stuffs for a misc file system like iso/udf/msdosfs. We didn't suppose we will have more full-featured file system besides UFS. (NFS has its own & different implementation about security.) Does VFS have other design goal that I am not aware to preventing us moving more shared code into it? -- -Howard