Date: Mon, 23 Apr 2007 14:50:42 +0300 From: Kostik Belousov <kostikbel@gmail.com> To: Howard Su <howard0su@gmail.com> Cc: arch@freebsd.org, Pawel Jakub Dawidek <pjd@freebsd.org> Subject: Re: move audit/priviliage check into VFS Message-ID: <20070423115042.GF2052@deviant.kiev.zoral.com.ua> In-Reply-To: <f126fae00704221458k41e6b758ld99486f6e837939@mail.gmail.com> References: <f126fae00704221458k41e6b758ld99486f6e837939@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--ZRyEpB+iJ+qUx0kp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Apr 22, 2007 at 02:58:30PM -0700, Howard Su wrote: > When I working on tmpfs privilege, I need copy a lot of privilege > check code from UFS. I suppose there is same problem in ZFS. So moving > this sort of privilege code into VFS will reduce a lot of duplicate > code and also make fs implementation simple and consistent in security > thing. >=20 > Besides that, some quota/extattr feature can be also implement in VFS lay= er. Quota code (ufs/ufs/ufs_quota.c) is mostly filesystem-independent, it only require particular format for the quota file, and several fields in the ufs mount structure, as well as ufs mount interlock. The later could be factored-out quite easily. On the other hand, only ufs is stuffed with hooks for the quota handling. > I suppose the fact today that a lot of stuffs are UFS related is > because we have VFS after UFS. So VFS only abstracts the common stuffs > for a misc file system like iso/udf/msdosfs. We didn't suppose we will > have more full-featured file system besides UFS. (NFS has its own & > different implementation about security.) >=20 > Does VFS have other design goal that I am not aware to preventing us > moving more shared code into it? I would let others comment on the feasibility of factoring out permission check code. What I want to point out is that some time ago UFS itself was considered as layer with underlying implementation providing the actual structure for the storage. At least two such implementations existed, FFS and LFS. The LFS is long dead and removed from CVS. All that left from the layering is several method pointers in struct ufsmount. I suspect that current code has eroded the border between UFS and FFS. That said, I'm not sure whether implementing tmpfs as some TMPFS under UFS layer is possible now, but you may look at this. --ZRyEpB+iJ+qUx0kp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGLJ2SC3+MBN1Mb4gRAqU9AJ92Mk4kvJjEjqOAjaOecvzsNADOIwCfX+8z SHEMG/asdtfqje0f/7fuhAs= =6TKx -----END PGP SIGNATURE----- --ZRyEpB+iJ+qUx0kp--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070423115042.GF2052>