Date: Thu, 19 Oct 2000 00:53:59 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern vfs_subr.c src/sys/sys vnode.h src/sys/ufs/ufs ufs_lookup.c ufs_vnops.c Message-ID: <200010190753.AAA56722@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2000/10/19 00:53:59 PDT
Modified files:
sys/kern vfs_subr.c
sys/sys vnode.h
sys/ufs/ufs ufs_lookup.c ufs_vnops.c
Log:
o Introduce new VOP_ACCESS() flag VADMIN, allowing file systems to perform
"administrative" authorization checks. In most cases, the VADMIN test
checks to make sure the credential effective uid is the same as the file
owner.
o Modify vaccess() to set VADMIN as an available right if the uid is
appropriate.
o Modify references to uid-based access control operations such that they
now always invoke VOP_ACCESS() instead of using hard-coded policy checks.
o This allows alternative UFS policies to be implemented by replacing only
ufs_access() (such as mandatory system policies).
o VOP_ACCESS() requires the caller to hold an exclusive vnode lock on the
vnode: I believe that new invocations of VOP_ACCESS() are always called
with the lock held.
o Some direct checks of the uid remain, largely associated with the QUOTA
and SUIDDIR code.
Reviewed by: eivind
Obtained from: TrustedBSD Project
Revision Changes Path
1.287 +6 -1 src/sys/kern/vfs_subr.c
1.131 +8 -7 src/sys/sys/vnode.h
1.41 +3 -4 src/sys/ufs/ufs/ufs_lookup.c
1.151 +47 -24 src/sys/ufs/ufs/ufs_vnops.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010190753.AAA56722>