From owner-freebsd-arch  Wed Sep 27  0:23:59 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from smtp04.primenet.com (smtp04.primenet.com [206.165.6.134])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6CE9F37B424; Wed, 27 Sep 2000 00:23:51 -0700 (PDT)
Received: (from daemon@localhost)
	by smtp04.primenet.com (8.9.3/8.9.3) id AAA02627;
	Wed, 27 Sep 2000 00:21:16 -0700 (MST)
Received: from usr05.primenet.com(206.165.6.205)
 via SMTP by smtp04.primenet.com, id smtpdAAA2Xa4bf; Wed Sep 27 00:21:10 2000
Received: (from tlambert@localhost)
	by usr05.primenet.com (8.8.5/8.8.5) id AAA20257;
	Wed, 27 Sep 2000 00:23:38 -0700 (MST)
From: Terry Lambert <tlambert@primenet.com>
Message-Id: <200009270723.AAA20257@usr05.primenet.com>
Subject: Re: VOP_ACCESS() and new VADMIN/VATTRIB?
To: julian@elischer.org (Julian Elischer)
Date: Wed, 27 Sep 2000 07:23:38 +0000 (GMT)
Cc: rwatson@FreeBSD.ORG (Robert Watson), freebsd-fs@FreeBSD.ORG,
	freebsd-arch@FreeBSD.ORG, trustedbsd-discuss@TrustedBSD.org
In-Reply-To: <Pine.BSF.4.10.10009262311160.13148-100000@InterJet.elischer.org> from "Julian Elischer" at Sep 26, 2000 11:12:37 PM
X-Mailer: ELM [version 2.5 PL2]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Julian Elisher wrote:
> I agree with all you have said here.
> 
> On Tue, 26 Sep 2000, Robert Watson wrote:
> > In general, access control for operations within a file system is
> > determined via a recursive VOP_ACCESS() call on the vnode, vis.
> > 
> > VOP_OPEN(vp, ...) -> ufs_open(vp, ...) -> VOP_ACCESS(vp, ...) ->
> >     ufs_access(vp, ...)
> [...]

Perhaps a better question would be "assuming you generalize
the references cited using the orioised VADMIN, how many
references not using VOP_ACCES() will remain?".

I think the generalization and centralization which took
place are really bad things, since I think administrative
policy is something that I may very well want to set on
_both_ a system basis _and_ on a per-FS basis.

I also think that read-only-ness of an FS is a mount
option having nothing to do with the underlying FS itself.

It seems to me that some of the centralization should, in
fact, be backed out, since it seems that it would preclude
layer recursion in some useful stacking arrangements, much
in the same was a non-NULL VOP did when the "default" layer
was introduced (with no mechanism to provide default
semantics for nely defined VOPs, without a kernel recompile).


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message