Hi, I'd like to start implementing the vnode scope for some of our file-systems. As with the rest of kauth(9), we'll do so in several steps, rather than switch all functionality at once. The first step will be implementing the back-end itself: the scope definition, some actions (just read/write/execute for now), an authorization wrapper, and a bsd44/suser simple listener ("if root or file-system allows then allow") -- see the attached diff. Once the back-end is in place, I'll follow-up with so...

can't you explain beforehand a bit what the goals are? Why do we need

On Sat, 4 Jul 2009 21:15:42 +0300 It's the second time I'm looking at this, and each time I wondered: hopefully a cleaner representation than XML will be used in the final ACL control tools? :) Thanks, -- Matt

I'd like to see some examples of what this is expected to look like. > /* > + * Vnode scope - actions. > + */ > +#define KAUTH_VNODE_READ_DATA (1 << 0) > +#define KAUTH_VNODE_LIST_DIRECTORY KAUTH_VNODE_READ_DATA > +#define KAUTH_VNODE_WRITE_DATA (1 << 1) > +#define KAUTH_VNODE_ADD_FILE KAUTH_VNODE_WRITE_DATA > +#define KAUTH_VNODE_EXECUTE (1 << 2) > +#define KAUTH_VNODE_SEARCH KAUTH_VNODE_EXECUTE > + > +#define KAUTH_VNODE_AC...

If these need to be really bits then please use __BIT(0), __BIT(1), __BIT(2) and __BIT(31) Christoph

On Sat, 4 Jul 2009 23:24:53 +0100 I agree that C bit operators are obvious enough, although that may be a per-project style preference issue. With the bit operators, noone has to look at whatever the macro may expand to, especially that every project might define its unstandard wrapper... Moreover, the macros aren't necessarily shorter or more readable, and they result in less portable code. It seems that KNF doesn't have a suggestion about it either. But I don't have a strong opinion about t...