Date: Thu, 5 May 2005 09:30:44 +0930 From: "Wilkinson, Alex" <alex.wilkinson@dsto.defence.gov.au> To: freebsd-arch@freebsd.org Subject: Re: Aligning extended attributes API with Mac OSX? Message-ID: <20050505000041.GA28165@squash.dsto.defence.gov.au> In-Reply-To: <20050504234531.V40267@fledge.watson.org> References: <20050503155347.GA3768@crodrigues.org> <20050504234531.V40267@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
0n Wed, May 04, 2005 at 11:50:01PM +0100, Robert Watson wrote:
>
>On Tue, 3 May 2005, Craig Rodrigues wrote:
>
>>An extended attributes API was just added to Mac OSX 10.4. This API
>>looks very similar to FreeBSD's. Right now there is no POSIX standard
>>for extended attributes, but EA are useful for many different types of
>>things.
>>
>>I don't know if EA are widely used in applications on FreeBSD, but what
>>do people think about aligning our API with Mac OSX?
>>
>>Here are the man pages for some of the API's:
>
>I've actually started looking through the kernel parts of the EA APIs, and
>will shortly be working my way to system calls, library calls, etc. It is
>my intent to adopt more widely used APIs as appropriate -- when I added EA
>APIs to FreeBSD, the only comparable APIs I knew of were the HPFS extended
>attribute model, and the SGI XFS model. I modeled our EA semantics on the
>SGI model, following meetings and e-mail exchanges with members of SGI's
>trusted OS group. I had hoped that we'd pursuade others to pick up our
>APIs, such as the Linux ACL and capability developers, but apparently I
>was unsuccessful in doing that, although we did reach concensus on
>elements of the POSIX.1e draft ACL APIs in a number of areas.
>
>So this is something I am willing and happy to look at; we'll need to go
>through a proper deprecation cycle, and it will happen time permitting.
>If you're interested in looking into the details and summarizing the
>specific changes, that might be quite helpful. In particular, one of the
>more important aspects of our design, derived from SGI's design, is the
>association of protection properties with "name spaces". I.e., a system
>name space that requires privilege to manipulate, so can hold system
>maintained properties, such as ACLs and MAC labels, vs a user name space,
>which is protected using the normal permissions/ACLs on a file, permitting
>users to modify the contents. Determining to what extent protections are
>handled/managed in the Darwin model will be important.
>
>I'm scheduled to visit Apple shortly after BSDCan to talk about these and
>related issues -- if you come up with specific questions or concerns
>before then, I can raise them during my visit.
FYI there is a solid review of Tiger at arstechnica (109 pages). Here
is the section on macos-x's EA: [http://arstechnica.com/reviews/os/macosx-10.4.ars/7]
- aW
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050505000041.GA28165>