Date: Tue, 4 Feb 2003 08:08:02 -0500 (EST) From: Robert Watson <rwatson@freebsd.org> To: "Ilmar S. Habibulin" <ilmar@watson.org> Cc: freebsd-current@freebsd.org Subject: Re: What is the difference between p_ucred and td_ucred? Message-ID: <Pine.NEB.3.96L.1030204080633.97782A-100000@fledge.watson.org> In-Reply-To: <20030204032624.U9181-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 4 Feb 2003, Ilmar S. Habibulin wrote: > On Mon, 3 Feb 2003, Robert Watson wrote: > > > The strategy for selecting a credential to check against is generally to > > use td_ucred, and to hold no locks. You'll see that suser() does this, > > for example. Under some circumstances: specifically, credential updates, > > you need to hold the process lock and atomically check the process > > credential before updating. If the thread doesn't immediately leave the > > kernel (i.e., more checks might be performed), you'll also need to > > propagate the cred change to the thread from the process. > > Ok. Thank you for an expanation, I'll consider that. Now i'm trying to > reanimate Thomas Moestls' capability work. Is anybody interested in such > integration? I have almost bootable kernel and now will try to > understand kernel structures locking and td_ucred/p_ucred interactions, > to make nessesary changes. > > Or SEBSD make capabilities completly unnesessary? We have tentative plans to support Capabilities-like models via a plug-in module using the MAC Framework sometime over the next few months. Slotting the POSIX.1e capabilities work into that makes a lot of sense. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1030204080633.97782A-100000>