Re: Vnode scope implementation

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: Elad Efrat <elad@...>
Cc: <tech-kern@...>
Date: Saturday, July 4, 2009 - 1:38 pm

On Sat, Jul 04, 2009 at 08:14:19PM +0300, Elad Efrat wrote:

I'd like to see some examples of what this is expected to look like.

> /*
> + * Vnode scope - actions.
> + */
> +#define KAUTH_VNODE_READ_DATA (1 << 0)
> +#define KAUTH_VNODE_LIST_DIRECTORY KAUTH_VNODE_READ_DATA
> +#define KAUTH_VNODE_WRITE_DATA (1 << 1)
> +#define KAUTH_VNODE_ADD_FILE KAUTH_VNODE_WRITE_DATA
> +#define KAUTH_VNODE_EXECUTE (1 << 2)
> +#define KAUTH_VNODE_SEARCH KAUTH_VNODE_EXECUTE
> +
> +#define KAUTH_VNODE_ACCESS (1 << 31)
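
Review bot: KAUTH_VNODE_ACCESS is defined as (1 << 31), which shifts a signed int into its sign bit; that is undefined behaviour in C, and on common compilers it yields INT_MIN, which then sign-extends if kauth_action_t is wider than int. Use an unsigned constant (1U << 31) or cast 1 to the action type before shifting. Two further points in this hunk: KAUTH_VNODE_LIST_DIRECTORY, KAUTH_VNODE_ADD_FILE and KAUTH_VNODE_SEARCH are plain aliases of READ_DATA, WRITE_DATA and EXECUTE, so a listener can only distinguish "list a directory" from "read a file" by looking at the vnode, never from the action value alone; a comment stating that this aliasing is intentional would help. And with only read, write and execute bits there is no way to express append-only writes, deletion or link creation, so a secmodel that wants to treat those differently has nothing to key on.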

I assume there's some reason these need to be bits rather than an
enumeration; however, when you go to implement you'll find you've left
a few things off here.

These are the vnode actions VINO's security system defined. I believe
that they're sufficient, and that at least most of them are necessary.
I don't claim that there's anything particularly good about this way
of structuring things; on the other hand, it *was* implemented and
*did* work.

/* These are what you can do to a file. */
enum file_may_t {
        MAY_READ,       // Read from a file (or device or...)
        MAY_APPEND,     // Write at end of a file
        MAY_OVERWRITE,  // Write anywhere in a file
        MAY_LINK,       // Link (or unlink) a file
        MAY_REMSTICKY,  // Delete a file from a public area
        MAY_EXECUTE,    // Execute contents of a file
        MAY_LOCK,       // Lock this file
        MAY_CHMOD,      // Chmod this file
};

/* These are what you can do to a directory. */
enum dir_may_t {
        MAY_READDIR,    // list a directory
        MAY_SEARCH,     // Name/open a subfile
        MAY_MOUNT,      // use as a mount point
        MAY_CREATE,     // add a new file
};

/* These are what you can do to a directory and a file inside it. */
enum dir_contents_may_t {
        MAY_ADDLINK,    // add new link to an existing file
        MAY_UNLINK,     // remove a file or directory
};

> +int
> +secmodel_bsd44_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
> + void *cookie, void *arg0, void *arg1, void *arg2,
> + void *arg3)
> +{
> [...]
> + int fs_decision;
> [...]
> + fs_decision = (int)(unsigned long)arg2;
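
Review bot: fs_decision is recovered with (int)(unsigned long)arg2, i.e. the file system's verdict is smuggled through a void * argument as an integer. Pass it by address instead (an int owned by the caller, or a small struct that can later carry more than one field), and if an integer really must travel in a pointer slot, cast through intptr_t/uintptr_t rather than unsigned long so the round trip is defined on every ABI. The [...] elisions hide how fs_decision is used afterwards, so it cannot be confirmed from this hunk that the value is checked against the set of decision values the callback expects before it is honoured; a switch with a default that denies would make that explicit.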

Can't you figure out some way to arrange this that doesn't require
casting integers to pointers and back?

(And if you really really must do that, use {u,}intptr_t, not unsigned
long.)

--
David A. Holland
dholland@netbsd.org
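
Added example (mine, not code from the patch, from NetBSD's kauth or from VINO): a small stand-alone C model of the points raised in the message above. The names vn_action_t, VN_*, struct vn_fs_decision, vn_listener_t, append_only_listener, vn_actions_for_open and vn_authorize are all assumed for illustration. It defines the action bits with 1 cast to an unsigned action type before shifting, so bit 31 is well defined; keeps append, overwrite and delete as distinct actions, so an append-only policy of the kind VINO's MAY_APPEND/MAY_OVERWRITE split allows can actually be expressed; and hands the file system's decision to the listener as a pointer to a typed struct in the arg2 slot rather than as an integer cast through void *.

```c
/*
 * Added example, not NetBSD kauth or VINO code: a toy vnode-scope
 * authorization model.  All names below are assumed for illustration.
 */
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t vn_action_t;           /* assumed action type */

/* Cast 1 to the action type before shifting so that bit 31 is defined. */
#define VN_BIT(n)        ((vn_action_t)1 << (n))
#define VN_READ_DATA     VN_BIT(0)
#define VN_APPEND_DATA   VN_BIT(1)      /* write at end of file only */
#define VN_WRITE_DATA    VN_BIT(2)      /* write anywhere in the file */
#define VN_EXECUTE       VN_BIT(3)
#define VN_DELETE        VN_BIT(4)
#define VN_ACCESS        VN_BIT(31)     /* access(2)-style query flag */

enum { VN_ALLOW = 0, VN_DENY = 1 };     /* listener results */

/* The file system's own verdict, passed to listeners by address. */
struct vn_fs_decision {
    int result;                         /* VN_ALLOW or VN_DENY */
};

struct vn_cred {
    int uid;
};

/* Listener shape mirrors cred/action/cookie/arg0..arg3 from the patch. */
typedef int (*vn_listener_t)(struct vn_cred *, vn_action_t, void *,
    void *, void *, void *, void *);

/*
 * Example policy: non-root may read and append but may neither overwrite
 * nor delete, and nobody overrides a file-system deny.  With only
 * read/write/execute bits this policy could not be stated.
 */
static int
append_only_listener(struct vn_cred *cred, vn_action_t action, void *cookie,
    void *arg0, void *arg1, void *arg2, void *arg3)
{
    const struct vn_fs_decision *fs = arg2;   /* typed; no int<->ptr cast */

    (void)cookie; (void)arg0; (void)arg1; (void)arg3;
    if (fs == NULL || fs->result == VN_DENY)
        return VN_DENY;
    if (cred->uid == 0)
        return VN_ALLOW;
    if (action & (VN_WRITE_DATA | VN_DELETE))
        return VN_DENY;
    return VN_ALLOW;
}

/* Map open(2) flags to the action bits the open requires. */
static vn_action_t
vn_actions_for_open(int flags)
{
    vn_action_t a = 0;
    int acc = flags & O_ACCMODE;

    if (acc == O_RDONLY || acc == O_RDWR)
        a |= VN_READ_DATA;
    if (acc == O_WRONLY || acc == O_RDWR)
        a |= (flags & O_APPEND) ? VN_APPEND_DATA : VN_WRITE_DATA;
    return a;
}

/* Dispatch: the fs decision travels in arg2 as a pointer to the struct. */
static int
vn_authorize(vn_listener_t l, struct vn_cred *cred, vn_action_t action,
    struct vn_fs_decision *fs)
{
    return l(cred, action, NULL, NULL, NULL, fs, NULL);
}

int
main(void)
{
    struct vn_cred user = { 1000 }, root = { 0 };
    struct vn_fs_decision allow = { VN_ALLOW }, deny = { VN_DENY };
    vn_action_t a = vn_actions_for_open(O_WRONLY | O_APPEND);

    printf("user append:    %s\n", vn_authorize(append_only_listener,
        &user, a, &allow) == VN_ALLOW ? "allow" : "deny");
    printf("user overwrite: %s\n", vn_authorize(append_only_listener,
        &user, VN_WRITE_DATA, &allow) == VN_ALLOW ? "allow" : "deny");
    printf("root, fs deny:  %s\n", vn_authorize(append_only_listener,
        &root, VN_READ_DATA, &deny) == VN_ALLOW ? "allow" : "deny");
    printf("VN_ACCESS = 0x%08lx\n", (unsigned long)VN_ACCESS);
    return 0;
}
```

Build with cc -std=c99 -Wall. The listener deliberately returns deny when the file system already denied, so a secmodel can only tighten, never loosen, the file system's own verdict; the opposite design (listeners may override) is what the cast-through-integer pattern makes easy to get wrong, since a garbage value in fs_decision would read as "not denied".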


Messages in current thread:
Vnode scope implementation, Elad Efrat, (Sat Jul 4, 1:14 pm)
Re: Vnode scope implementation, Alan Barrett, (Sat Jul 4, 3:12 pm)
Re: Vnode scope implementation, Alan Barrett, (Sun Jul 5, 6:47 am)
Re: Vnode scope implementation, Martin Husemann, (Sun Jul 5, 5:16 am)
Re: Vnode scope implementation, Marc Balmer, (Sat Jul 4, 1:52 pm)
Re: Vnode scope implementation, Elad Efrat, (Sat Jul 4, 2:15 pm)
Re: Vnode scope implementation, Matthew Mondor, (Sat Jul 4, 3:17 pm)
Re: Vnode scope implementation, Elad Efrat, (Sat Jul 4, 3:29 pm)
Re: Vnode scope implementation, David Holland, (Sat Jul 4, 1:38 pm)
Re: Vnode scope implementation, Elad Efrat, (Sat Jul 4, 2:08 pm)
Re: Vnode scope implementation, David Holland, (Sun Jul 5, 5:21 pm)
Re: Vnode scope implementation, Elad Efrat, (Sun Jul 5, 6:15 pm)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Thu Jul 16, 10:10 am)
Re: Vnode scope implementation, Elad Efrat, (Thu Jul 16, 11:44 am)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Sun Jul 19, 3:32 am)
Re: Vnode scope implementation, Elad Efrat, (Sun Jul 19, 8:00 am)
Re: Vnode scope implementation, David Holland, (Sun Jul 5, 6:53 pm)
Re: Vnode scope implementation, Elad Efrat, (Sun Jul 5, 10:02 pm)
Re: Vnode scope implementation, David Holland, (Fri Jul 10, 4:33 am)
Re: Vnode scope implementation, Elad Efrat, (Fri Jul 10, 7:06 am)
Re: Vnode scope implementation, Elad Efrat, (Mon Jul 13, 4:27 am)
Re: Vnode scope implementation, Elad Efrat, (Thu Jul 16, 8:06 am)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Thu Jul 16, 10:12 am)
Re: Vnode scope implementation, Andrew Doran, (Thu Jul 16, 6:06 pm)
Re: Vnode scope implementation, David Young, (Thu Jul 16, 12:19 pm)
Re: Vnode scope implementation, Elad Efrat, (Thu Jul 16, 12:39 pm)
Re: Vnode scope implementation, Christoph Badura, (Sun Jul 26, 8:07 am)
Re: Vnode scope implementation, Elad Efrat, (Sun Jul 26, 9:38 am)
Re: Vnode scope implementation, David Young, (Mon Jul 20, 1:02 pm)
Re: Vnode scope implementation, Elad Efrat, (Mon Jul 20, 5:25 pm)
Re: Vnode scope implementation, David Young, (Tue Jul 21, 12:29 pm)
Re: Vnode scope implementation, Elad Efrat, (Tue Jul 21, 2:06 pm)
Re: Vnode scope implementation, David Holland, (Wed Jul 22, 8:31 pm)
Re: Vnode scope implementation, Elad Efrat, (Wed Jul 22, 9:12 pm)
Re: Vnode scope implementation, David Holland, (Wed Jul 22, 10:16 pm)
Re: Vnode scope implementation, Elad Efrat, (Thu Jul 16, 12:10 pm)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Sun Jul 19, 3:34 am)
Re: Vnode scope implementation, Elad Efrat, (Sun Jul 19, 7:53 am)
Re: Vnode scope implementation, Thor Lancelot Simon, (Sun Jul 19, 9:47 am)
Re: Vnode scope implementation, Elad Efrat, (Sun Jul 19, 9:54 am)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Sun Jul 19, 8:49 am)
Re: Vnode scope implementation, Elad Efrat, (Sun Jul 19, 8:58 am)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Wed Jul 22, 4:05 am)
Re: Vnode scope implementation, Elad Efrat, (Wed Jul 22, 6:46 am)
Re: Vnode scope implementation, David Holland, (Wed Jul 22, 8:40 pm)
Re: Vnode scope implementation, der Mouse, (Thu Jul 23, 6:08 am)
Re: Vnode scope implementation, David Holland, (Fri Jul 24, 11:46 am)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Wed Jul 22, 7:05 am)
Re: Vnode scope implementation, Elad Efrat, (Wed Jul 22, 8:18 am)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Sun Jul 26, 10:51 am)
Re: Vnode scope implementation, Elad Efrat, (Sun Jul 26, 10:55 am)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Mon Aug 3, 7:07 pm)
Re: Vnode scope implementation, Elad Efrat, (Mon Aug 3, 11:19 pm)
Re: Vnode scope implementation, Elad Efrat, (Thu Aug 20, 9:52 pm)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Fri Aug 21, 6:19 am)
Re: Vnode scope implementation, Marc Balmer, (Fri Aug 21, 6:26 am)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Fri Aug 21, 6:32 am)
Re: Vnode scope implementation, Marc Balmer, (Fri Aug 21, 7:17 am)
Re: Vnode scope implementation, Elad Efrat, (Fri Aug 21, 11:11 am)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Sun Aug 23, 11:15 am)
Re: Vnode scope implementation, Elad Efrat, (Sun Aug 23, 2:31 pm)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Tue Aug 25, 11:43 am)
Re: Vnode scope implementation, Elad Efrat, (Tue Aug 25, 2:06 pm)
Re: Vnode scope implementation, YAMAMOTO Takashi, (Tue Aug 25, 4:00 pm)
Re: Vnode scope implementation, Marc Balmer, (Tue Aug 25, 4:18 pm)
Re: Vnode scope implementation, Elad Efrat, (Fri Aug 28, 3:58 pm)
Re: Vnode scope implementation, Elad Efrat, (Tue Aug 25, 4:18 pm)
Re: Vnode scope implementation, David Holland, (Sun Jul 19, 4:17 pm)
Re: Vnode scope implementation, David Holland, (Sun Jul 19, 4:19 pm)
Re: Vnode scope implementation, Marc Balmer, (Sun Jul 19, 9:07 am)
Re: Vnode scope implementation, Elad Efrat, (Sun Jul 19, 9:30 am)
Re: Vnode scope implementation, Marc Balmer, (Sun Jul 19, 9:32 am)
Re: Vnode scope implementation, Christoph Egger, (Sat Jul 4, 1:45 pm)
Re: Vnode scope implementation, David Laight, (Sat Jul 4, 6:24 pm)
Re: Vnode scope implementation, Matthew Mondor, (Sat Jul 4, 6:52 pm)
Re: Vnode scope implementation, Elad Efrat, (Sat Jul 4, 2:09 pm)