move audit/priviliage check into VFS
Christoph Hellwig
hch at infradead.org
Tue Apr 24 08:19:29 UTC 2007
On Mon, Apr 23, 2007 at 04:22:32PM -0700, Howard Su wrote:
> >access check appear in the calling code itself. Can we refine
> >VOP_ACCESS() a
> >bit further to get what we need, or do we need new common functions?
> >
> In FS dependent code, we don't only call VOP_ACCESS, but also check
> some flags like ISUID, ISGID, NOUNLINK, APPEND, etc. This sort of
> stuffs are so easy to regerssion when I work on tmpfs and it should be
> almost same code in all the FS. However VFS don't have this sort of
> information in vnode structure. Is this can be added?
You might want to look a little at the Linux approach. As a start
do a mental s/permission/access/ because linux calls the routine to
do permissions checks *permission* not *access*/*ACCESS*/.
At the highest level there is a permission() routine in generic code,
which does all checks that are not specific to a security model,
like denying write requests to ro mounts or immutable files, and
then hands down into the filesystem permission routine.
For the filesystem permission routines there's a generic one again for
the typical unix filesystem that performs all the remaining classic
unix permission check semantics.
Now in Linux this is a little easier because we store a lot more
information in the generic inode (aka your vnode), but with a VOP_GETATTR
thrown in you could probably do something similar.
More information about the freebsd-arch
mailing list