Date: Mon, 23 Apr 2007 16:22:32 -0700 From: "Howard Su" <howard0su@gmail.com> To: "Robert Watson" <rwatson@freebsd.org> Cc: arch@freebsd.org, Pawel Jakub Dawidek <pjd@freebsd.org> Subject: Re: move audit/priviliage check into VFS Message-ID: <f126fae00704231622p53c24379j2ace6e153fe70287@mail.gmail.com> In-Reply-To: <20070423132006.T26224@fledge.watson.org> References: <f126fae00704221458k41e6b758ld99486f6e837939@mail.gmail.com> <20070423132006.T26224@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4/23/07, Robert Watson <rwatson@freebsd.org> wrote: > > > Pawel and I have talked about this a bit in the past -- vaccess(9) and > vaccess_acl_posix1e(9) were really the first step in abstracting file system > access control decisions, and aren't a bad step -- they certainly cover a lot > of the previously plentifully replicated cases (countless foo_access() VOP > implementations). However, I think we should be restrained and do a bit of > experimentation -- sometimes as much work could be done bundling up the common > arguments to deliver them to a central access check as is done in having the > access check appear in the calling code itself. Can we refine VOP_ACCESS() a > bit further to get what we need, or do we need new common functions? > In FS dependent code, we don't only call VOP_ACCESS, but also check some flags like ISUID, ISGID, NOUNLINK, APPEND, etc. This sort of stuffs are so easy to regerssion when I work on tmpfs and it should be almost same code in all the FS. However VFS don't have this sort of information in vnode structure. Is this can be added? -- -Howard
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f126fae00704231622p53c24379j2ace6e153fe70287>