Date:      Sun, 11 Feb 2001 16:38:18 -0500 (EST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        arch@FreeBSD.org, freebsd-audit@FreeBSD.org, trustedbsd-discuss@TrustedBSD.org
Subject:   Import of additional kernel ACL support, 0.5.2 ACL release
Message-ID:  <Pine.NEB.3.96L.1010210152210.30518d-100000@fledge.watson.org>

(Blatant cross-posting detected by author, sending anyway)

The TrustedBSD ACL implementation is now up to release 0.5.2 and appears
to be relatively stable when in use.  There are several components to the
ACL implementation: 

- Kernel interfaces (ACL system call interface, and VFS interface)
- Kernel generics (POSIX.1e evaluation routines, syscall->VFS
  wrappers/locking/name lookup)
- Kernel UFS implementation mapping ACLs into extended attributes
- Userland library (acl* in libposix1e)
- Userland utilities (getfacl, setfacl)

Right now, the userland library (part of libposix1e) is in the base source
tree, as are the kernel interfaces (system call and VFS).  The userland
utilities are now reaching maturity thanks to efforts by Chris Faulhaber,
and the libraries are also reaching maturity with the help of Chris Faulhaber
and Brian Feldman.

The next two components I'd like to import are the userland utilities, and
the kernel generics.  These are relatively mature, and accurately
implement the majority of the desirable POSIX.1e and POSIX.2c specs
(library and tools respectively).  This will allow us to start using ACLs
on synthetic file systems, such as sysctlfs and devfs, by providing common
evaluation functions in kern_acl.c.

Before I import these, I would like it if there could be a fairly thorough
review of correctness of the evaluation code in kern_acl.c (in particular,
the access control portions that replace the standard vaccess() on file
systems providing ACLs).  It is very important to me, and I'm sure others,
that I do not introduce weaknesses through incorrect implementation :-),
and that it comply with the POSIX.1e draft spec so that portable tools
supporting ACLs function correctly.

The files I intend to commit are src/sys/kern_acl.c and src/sys/sys/acl.h;
both exist in -CURRENT right now, but kern_acl.c is largely a stub.  There
are minor updates to acl.h to reflect the new support functions exported
from kern_acl.c.  For a copy of the POSIX.1e spec and related documents,
see the URLs inside the 0.5.2 tarball, in the references directory.

I do not plan to import the UFS/FFS implementation until the extended
attribute implementation is more mature -- this is work that we're
currently identifying funding for and hope to have underway by summer.
These improvements will include a block-level implementation of extended
attributes, which will offer higher performance and tighter integration in
FFS and with regards to softupdates.  The existing implementation on top
of current extended attributes appears to work correctly, but its
performance leaves something to be desired.

You can grab the complete ACL distribution from:

  http://www.TrustedBSD.org/downloads/

The 0.5.2 distribution is now online and available for download, and
should apply against a recent -CURRENT (although you probably want to
avoid the SMP instabilities from yesterday, and brief lc* stuff today). 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
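An added example, not part of the post and not FreeBSD's kern_acl.c: a small user-space reference model of the POSIX.1e ACL access check (the role vaccess() plays on file systems without ACLs) that a reviewer can compare an implementation against. The tag names, permission bits, and the sample ACL and ids are constructed for the example.

```c
/* Added example (not FreeBSD's kern_acl.c): user-space reference model of the
 * POSIX.1e access check that replaces vaccess() on ACL-capable file systems. */
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

enum { P_READ = 4, P_WRITE = 2, P_EXEC = 1 };           /* constructed perm bits */
enum tag { T_USER_OBJ, T_USER, T_GROUP_OBJ, T_GROUP, T_MASK, T_OTHER };
struct acl_entry { enum tag tag; unsigned id; int perm; }; /* id: uid/gid for T_USER/T_GROUP */
struct cred { uid_t uid; const gid_t *groups; size_t ngroups; };

static bool in_groups(const struct cred *c, gid_t g) {
    for (size_t i = 0; i < c->ngroups; i++) if (c->groups[i] == g) return true;
    return false;
}

/* POSIX.1e draft 17 ordering: owner, named user, group class, other. The first
 * class that matches decides; within the group class ANY matching entry
 * (after ACL_MASK) may grant. ACL_USER_OBJ is never subject to the mask. */
bool acl_access(const struct acl_entry *e, size_t n, uid_t owner, gid_t group,
                const struct cred *c, int want) {
    int mask = P_READ | P_WRITE | P_EXEC;   /* no ACL_MASK entry: unmasked */
    for (size_t i = 0; i < n; i++) if (e[i].tag == T_MASK) mask = e[i].perm;
    if (c->uid == owner) {
        for (size_t i = 0; i < n; i++)
            if (e[i].tag == T_USER_OBJ) return (e[i].perm & want) == want;
        return false;
    }
    for (size_t i = 0; i < n; i++)
        if (e[i].tag == T_USER && e[i].id == c->uid)
            return ((e[i].perm & mask) & want) == want;
    bool matched = false;
    for (size_t i = 0; i < n; i++) {
        if (!((e[i].tag == T_GROUP_OBJ && in_groups(c, group)) ||
              (e[i].tag == T_GROUP && in_groups(c, (gid_t)e[i].id)))) continue;
        matched = true;                      /* group class matched: never fall through to other */
        if (((e[i].perm & mask) & want) == want) return true;
    }
    if (matched) return false;
    for (size_t i = 0; i < n; i++) if (e[i].tag == T_OTHER) return (e[i].perm & want) == want;
    return false;                            /* malformed ACL without ACL_OTHER: deny */
}

/* Constructed sample: owner 1000, group 100, ACL u::rw-,u:2000:rwx,g::r--,g:200:rw-,m::r--,o::--- */
bool sample_check(uid_t uid, gid_t gid, int want) {
    static const struct acl_entry acl[] = {
        { T_USER_OBJ, 0, P_READ | P_WRITE }, { T_USER, 2000, P_READ | P_WRITE | P_EXEC },
        { T_GROUP_OBJ, 0, P_READ }, { T_GROUP, 200, P_READ | P_WRITE },
        { T_MASK, 0, P_READ }, { T_OTHER, 0, 0 } };
    struct cred c = { uid, &gid, 1 };
    return acl_access(acl, sizeof acl / sizeof acl[0], 1000, 100, &c, want);
}
```

The cases worth checking in review are the ones the mask changes: a named user with rwx is still limited to read by m::r--, and a group match that fails never falls through to the other entry.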


