From: Christoph Hellwig
To: Howard Su
Cc: arch@freebsd.org, Robert Watson, Pawel Jakub Dawidek
Date: Tue, 24 Apr 2007 08:59:46 +0100
Subject: Re: move audit/priviliage check into VFS
Message-ID: <20070424075946.GA20864@infradead.org>
References: <20070423132006.T26224@fledge.watson.org>
List-Id: Discussion related to FreeBSD architecture

On Mon, Apr 23, 2007 at 04:22:32PM -0700, Howard Su wrote:
> >access check appear in the calling code itself. Can we refine
> >VOP_ACCESS() a
> >bit further to get what we need, or do we need new common functions?
> >
> In FS dependent code, we don't only call VOP_ACCESS, but also check
> some flags like ISUID, ISGID, NOUNLINK, APPEND, etc. This sort of
> stuff is so easy to regress when I work on tmpfs and it should be
> almost the same code in all the FS. However VFS doesn't have this sort of
> information in the vnode structure. Can this be added?

You might want to look a little at the Linux approach. As a start do
a mental s/permission/access/ because Linux calls the routine to do
permission checks *permission* not *access*/*ACCESS*/.

At the highest level there is a permission() routine in generic code,
which does all checks that are not specific to a security model, like
denying write requests to ro mounts or immutable files, and then hands
down into the filesystem permission routine. For the filesystem
permission routines there's a generic one again for the typical unix
filesystem that performs all the remaining classic unix permission
check semantics.

Now in Linux this is a little easier because we store a lot more
information in the generic inode (aka your vnode), but with a
VOP_GETATTR thrown in you could probably do something similar.
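
The layering described in the message above, as a userspace model added here for illustration; it is not part of the original message and is not Linux or FreeBSD source. Every `toy_*` name is hypothetical, and the superuser/capability override is left out to keep the model small.

```c
#include <errno.h>
#include <stddef.h>

/* Userspace model only: every name below is hypothetical, not a kernel API. */
#define MAY_EXEC  1
#define MAY_WRITE 2
#define MAY_READ  4

struct toy_inode {
    unsigned mode;        /* low 9 bits: rwxrwxrwx */
    unsigned uid, gid;    /* owner and group of the file */
    int immutable;        /* per-file immutable flag */
    int mnt_readonly;     /* file lives on a read-only mount */
    /* filesystem hook; NULL selects the generic unix check */
    int (*permission)(const struct toy_inode *, unsigned, unsigned, int);
};

/* Classic unix owner/group/other check shared by ordinary filesystems. */
int toy_generic_permission(const struct toy_inode *ino, unsigned uid, unsigned gid, int mask)
{
    unsigned bits = ino->mode;
    if (uid == ino->uid)
        bits >>= 6;                 /* owner triplet */
    else if (gid == ino->gid)
        bits >>= 3;                 /* group triplet */
    return ((bits & 7 & mask) == (unsigned)mask) ? 0 : -EACCES;
}

/* A filesystem with its own model: owner only, mode bits ignored. */
int toy_owner_only_permission(const struct toy_inode *ino, unsigned uid, unsigned gid, int mask)
{
    (void)gid; (void)mask;
    return uid == ino->uid ? 0 : -EACCES;
}

/* Top-level entry: checks that do not depend on the security model run
 * here once, so no filesystem hook can forget them. */
int toy_permission(const struct toy_inode *ino, unsigned uid, unsigned gid, int mask)
{
    if (mask & MAY_WRITE) {
        if (ino->mnt_readonly)
            return -EROFS;
        if (ino->immutable)
            return -EACCES;
    }
    if (ino->permission)
        return ino->permission(ino, uid, gid, mask);
    return toy_generic_permission(ino, uid, gid, mask);
}
```

Because the read-only and immutable checks sit above the hook, a new filesystem that supplies only its own permission routine still inherits them, which is the regression risk raised in the quoted text.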