Date: Mon, 19 Aug 2002 08:47:59 -0400 (EDT)
From: Robert Watson
To: Poul-Henning Kamp
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern vfs_mount.c src/sys/sys mount.h src/sys/security/lomac kernel_util.c
In-Reply-To: <200208190652.g7J6qLLK010002@freefall.freebsd.org>

You'll probably want to update the NFS client code to use this credential
instead of the credential it caches in nfsmount. The NFS client uses this
credential when it needs to create a fresh socket due to the old one no
longer being useful (i.e., TCP socket disconnected). This corrected a
similar nit in the NFS code where the credential of the user on hand when
it needed to create a new socket, and the result was some fascinating
interactions with ipfw uid/gid rules and MAC.

Another possible cred of great joy in this case (not the NFS case) would
be thread0.td_ucred, btw. Not really quite right either, of course.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

On Sun, 18 Aug 2002, Poul-Henning Kamp wrote:

> phk         2002/08/18 23:52:21 PDT
>
>   Modified files:
>     sys/kern             vfs_mount.c
>     sys/sys              mount.h
>     sys/security/lomac   kernel_util.c
>   Log:
>   Keep a copy of the credential used to mount filesystems around so
>   we can check and use it later on.
>
>   Change the pieces of code which relied on mount->mnt_stat.f_owner
>   to check which user mounted the filesystem.
>
>   This became needed as the EA code needs to be able to allocate
>   blocks for "system" EA users like ACLs.
>
>   There seems to be some half-baked (probably only quarter- actually)
>   notion that the superuser for a given filesystem is the user who
>   mounted it, but this has far from been carried through. It is
>   unclear if it should be.
>
>   Sponsored by:   DARPA & NAI Labs.
>
>   Revision  Changes    Path
>   1.83      +7 -3      src/sys/kern/vfs_mount.c
>   1.8       +1 -1      src/sys/security/lomac/kernel_util.c
>   1.140     +1 -0      src/sys/sys/mount.h