Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 19 Aug 2002 08:47:59 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Poul-Henning Kamp <phk@FreeBSD.org>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/kern vfs_mount.c src/sys/sys mount.h         src/sys/security/lomac kernel_util.c
Message-ID:  <Pine.NEB.3.96L.1020819084537.11578T-100000@fledge.watson.org>
In-Reply-To: <200208190652.g7J6qLLK010002@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
You'll probably want to update the NFS client code to use this credential
instead of the credential is caches in nfsmount.  The NFS client uses this
credential when it needs to create a fresh socket due to the old one no
longer being useful (i.e., TCP socket disconnected).  This corrected a
similar nit in the NFS code where the credential of the user on hand when
it needed to create a new socket, and the result was some fascinating
interactions with ipfw uid/gid rules and MAC.

Another possibly cred of great joy in this case (not the NFS case) would
be thread0.td_ucred, btw.  Not really quite right either, of course. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

On Sun, 18 Aug 2002, Poul-Henning Kamp wrote:

> phk         2002/08/18 23:52:21 PDT
> 
>   Modified files:
>     sys/kern             vfs_mount.c 
>     sys/sys              mount.h 
>     sys/security/lomac   kernel_util.c 
>   Log:
>   Keep a copy of the credential used to mount filesystems around so
>   we can check and use it later on.
>   
>   Change the pieces of code which relied on mount->mnt_stat.f_owner
>   to check which user mounted the filesystem.
>   
>   This became needed as the EA code needs to be able to allocate
>   blocks for "system" EA users like ACLs.
>   
>   There seems to be some half-baked (probably only quarter- actually)
>   notion that the superuser for a given filesystem is the user who
>   mounted it, but this has far from been carried through.  It is
>   unclear if it should be.
>   
>   Sponsored by: DARPA & NAI Labs.
>   
>   Revision  Changes    Path
>   1.83      +7 -3      src/sys/kern/vfs_mount.c
>   1.8       +1 -1      src/sys/security/lomac/kernel_util.c
>   1.140     +1 -0      src/sys/sys/mount.h
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1020819084537.11578T-100000>