From: Robert Watson <robert@fledge.watson.org>
Date: Sun, 11 Feb 2001 16:38:18 -0500 (EST)
To: arch@FreeBSD.org, freebsd-audit@FreeBSD.org, trustedbsd-discuss@TrustedBSD.org
Subject: Import of additional kernel ACL support, 0.5.2 ACL release

(Blatant cross-posting detected by author, sending anyway)

The TrustedBSD ACL implementation is now up to release 0.5.2 and appears to be relatively stable when in use. There are several components to the ACL implementation:

- Kernel interfaces (ACL system call interface, and VFS interface)
- Kernel generics (POSIX.1e evaluation routines, syscall->VFS wrappers/locking/name lookup)
- Kernel UFS implementation mapping ACLs into extended attributes
- Userland library (acl* in libposix1e)
- Userland utilities (getfacl, setfacl)

Right now, the userland library (part of libposix1e) is in the base source tree, as are the kernel interfaces (system call and VFS). The userland utilities are now reaching maturity thanks to efforts by Chris Faulhaber, and the libraries are also reaching maturity with the help of Chris Faulhaber and Brian Feldman. The next two components I'd like to import are the userland utilities, and the kernel generics. These are relatively mature, and accurately implement the majority of the desirable POSIX.1e and POSIX.2c specs (library and tools respectively).
This will allow us to start using ACLs on synthetic file systems, such as sysctlfs and devfs, by providing common evaluation functions in kern_acl.c.

Before I import these, I would like it if there could be a fairly thorough review of correctness of the evaluation code in kern_acl.c (in particular, the access control portions that replace the standard vaccess() on file systems providing ACLs). It is very important to me, and I'm sure others, that I do not introduce weaknesses through incorrect implementation :-), and that it comply with the POSIX.1e draft spec so that portable tools supporting ACLs function correctly.

The files I intend to commit are src/sys/kern_acl.c and src/sys/sys/acl.h; both exist in -CURRENT right now, but kern_acl.c is largely a stub. There are minor updates to acl.h to reflect the new support functions exported from kern_acl.c. For a copy of the POSIX.1e spec and related documents, see the URLs inside the 0.5.2 tarball, in the references directory.

I do not plan to import the UFS/FFS implementation until the extended attribute implementation is more mature -- this is work that we're currently identifying funding for and hope to have underway by summer. These improvements will include a block-level implementation of extended attributes, which will offer higher performance and tighter integration in FFS and with regards to softupdates. The existing implementation on top of current extended attributes appears to work correctly, but its performance leaves something to be desired.

You can grab the complete ACL distribution from:

http://www.TrustedBSD.org/downloads/

The 0.5.2 distribution is now online and available for download, and should apply against a recent -CURRENT (although you probably want to avoid the SMP instabilities from yesterday, and brief lc* stuff today).
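As an added illustration of what a reviewer of the vaccess() replacement is checking against, the following C program implements the POSIX.1e draft access-check algorithm (owner entry, then named user, then owning and named groups, then other, with ACL_MASK applied to the named-user and group entries). This is example code written for this page, not code from the 0.5.2 tarball or from FreeBSD's kern_acl.c; the struct and tag names, the sample ACL and the uid/gid values are constructed for the example, and superuser override is deliberately left out.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Tag names mirror the POSIX.1e draft vocabulary; the types are local to this example. */
enum acl_tag { ACL_USER_OBJ, ACL_USER, ACL_GROUP_OBJ, ACL_GROUP, ACL_MASK, ACL_OTHER };

#define ACL_PERM_EXECUTE 0x1u
#define ACL_PERM_WRITE   0x2u
#define ACL_PERM_READ    0x4u
#define ACL_PERM_ALL     (ACL_PERM_READ | ACL_PERM_WRITE | ACL_PERM_EXECUTE)

struct acl_entry { enum acl_tag tag; uint32_t id; unsigned perm; };
struct acl       { const struct acl_entry *entries; size_t n; };
struct cred      { uint32_t uid; const uint32_t *gids; size_t ngids; };

static bool cred_in_group(const struct cred *cr, uint32_t gid) {
    for (size_t i = 0; i < cr->ngids; i++)
        if (cr->gids[i] == gid) return true;
    return false;
}

/* A minimal ACL (no ACL_MASK entry) has no named entries, so "no restriction" is equivalent. */
static unsigned acl_mask_perm(const struct acl *acl) {
    for (size_t i = 0; i < acl->n; i++)
        if (acl->entries[i].tag == ACL_MASK) return acl->entries[i].perm;
    return ACL_PERM_ALL;
}

/* Returns 0 if every bit in 'requested' is granted, EACCES otherwise. */
int acl_access(const struct acl *acl, uint32_t file_uid, uint32_t file_gid,
               const struct cred *cr, unsigned requested) {
    unsigned mask = acl_mask_perm(acl);
    bool group_matched = false;

    /* Step 1: file owner is governed by ACL_USER_OBJ, which the mask never restricts. */
    if (cr->uid == file_uid) {
        for (size_t i = 0; i < acl->n; i++)
            if (acl->entries[i].tag == ACL_USER_OBJ)
                return (acl->entries[i].perm & requested) == requested ? 0 : EACCES;
        return EACCES; /* required entry missing: treat a malformed ACL as deny */
    }

    /* Step 2: a matching named-user entry decides, after masking; no fall-through. */
    for (size_t i = 0; i < acl->n; i++) {
        const struct acl_entry *e = &acl->entries[i];
        if (e->tag == ACL_USER && e->id == cr->uid)
            return ((e->perm & mask) & requested) == requested ? 0 : EACCES;
    }

    /* Step 3: owning group and named groups. Any matching entry that (after masking)
       grants the whole request suffices; if entries matched but none suffices, deny
       rather than falling through to ACL_OTHER. */
    for (size_t i = 0; i < acl->n; i++) {
        const struct acl_entry *e = &acl->entries[i];
        bool match = (e->tag == ACL_GROUP_OBJ && cred_in_group(cr, file_gid)) ||
                     (e->tag == ACL_GROUP && cred_in_group(cr, e->id));
        if (!match) continue;
        group_matched = true;
        if (((e->perm & mask) & requested) == requested) return 0;
    }
    if (group_matched) return EACCES;

    /* Step 4: everyone else; ACL_OTHER is not subject to the mask. */
    for (size_t i = 0; i < acl->n; i++)
        if (acl->entries[i].tag == ACL_OTHER)
            return (acl->entries[i].perm & requested) == requested ? 0 : EACCES;
    return EACCES;
}

/* Constructed sample: file owned by uid 1000 / gid 100 with
   user::rw- user:1001:rwx group::r-x group:200:rw- mask::r-- other::--- */
static const struct acl_entry sample_entries[] = {
    { ACL_USER_OBJ,  0,    ACL_PERM_READ | ACL_PERM_WRITE },
    { ACL_USER,      1001, ACL_PERM_ALL },
    { ACL_GROUP_OBJ, 0,    ACL_PERM_READ | ACL_PERM_EXECUTE },
    { ACL_GROUP,     200,  ACL_PERM_READ | ACL_PERM_WRITE },
    { ACL_MASK,      0,    ACL_PERM_READ },
    { ACL_OTHER,     0,    0 },
};
static const struct acl sample_acl = { sample_entries, 6 };

/* Convenience wrapper: a process with one group, checked against the sample file. */
int sample_access(uint32_t uid, uint32_t gid, unsigned requested) {
    struct cred cr = { uid, &gid, 1 };
    return acl_access(&sample_acl, 1000, 100, &cr, requested);
}

int main(void) {
    printf("owner rw: %d\n", sample_access(1000, 100, ACL_PERM_READ | ACL_PERM_WRITE));
    printf("uid 1001 write (masked out): %d\n", sample_access(1001, 100, ACL_PERM_WRITE));
    printf("gid 200 read: %d\n", sample_access(2000, 200, ACL_PERM_READ));
    printf("outsider read: %d\n", sample_access(3000, 999, ACL_PERM_READ));
    return 0;
}
```

The points a reviewer would probe are visible in the steps: the owner and other entries are exempt from the mask, a matched named-user entry ends evaluation even when it denies, and a group match that fails must not fall through to ACL_OTHER (which is where a naive port of vaccess() would otherwise grant access).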
Robert N M Watson
FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org
NAI Labs, Safeport Network Services