cvs commit: src/sys/kern kern_acl.c src/sys/sys acl.h vnode.h (fwd)
Robert Watson
rwatson at FreeBSD.org
Tue Mar 6 17:40:44 GMT 2001
As this commit message indicates, I just committed the majority of the ACL
support code to the FreeBSD 5.0-CURRENT branch. I have not committed the
UFS-specific code yet, as there appears to be some sort of stability bug
that is turning up during disk-intensive (and possibly highly parallel)
operation. For example, I was able to trigger a crash by doing a
simultaneous {make -j 8 buildworld, cvsup, cvs update}. Once I get back
to Massachusetts on Wednesday (assuming I'm not snowed out) I'll attempt
to track this down. As a result of this commit, and additional fixes
submitted by Chris Faulhaber for the setfacl tool, I'll be re-rolling the
ACL patches this evening. I plan to commit the new ACL userland tools in
the near future, as this will allow the addition of ACLs to other file
systems as well as UFS (for example, sysctlfs, and other file systems that
map kernel objects into userspace).
Work is underway to reimplement my original MAC patches (have been up on
the web site for a bit as mac_prerelease.diff) by introducing a new kernel
object label abstraction, struct objlabel, which can be associated with
various kernel objects in the style of a struct ucred. The objlabel
structure will also include a struct acl, so we will be able to slap
objlabel's into various protectable objects and allow their protections to
be fiddled with. I hope to have initial patches reimplenting MAC using
struct objlabel within a week or two, allowing for weather.
As I've stated in a couple of forums now, we're planning to introduce two
new target platforms for the TrustedBSD work: OpenBSD, and Apple's Darwin.
These introductions will rely on assistance from those developer
communities: I've received substantial interest from OpenBSD developers
and users in porting over support for extended attributes and ACLs, and
interest from Apple in the full suite of TrustedBSD services. From the
perspective of my personal time allocation, FreeBSD will remain the
primary porting target, but with the help of OpenBSD and Darwin
developers, we can make TrustedBSD extensions a reality on their
platforms. Given the similarity of their source bases, this should
actually provide to be a relatively straight-forward task (modulo Mach
interactions in Darwin) :-).
Robert N M Watson FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org NAI Labs, Safeport Network Services
---------- Forwarded message ----------
Date: Tue, 6 Mar 2001 09:28:25 -0800 (PST)
From: Robert Watson <rwatson at FreeBSD.org>
To: cvs-committers at FreeBSD.org, cvs-all at FreeBSD.org
Subject: cvs commit: src/sys/kern kern_acl.c src/sys/sys acl.h vnode.h
rwatson 2001/03/06 09:28:25 PST
Modified files:
sys/kern kern_acl.c
sys/sys acl.h vnode.h
Log:
o Introduce filesystem-independent POSIX.1e ACL utility routines to
support implementations of ACLs in file systems. Introduce the
following new functions:
vaccess_acl_posix1e() vaccess() that accepts an ACL
acl_posix1e_mode_to_perm() Convert mode bits to ACL rights
acl_posix1e_mode_to_entry() Build ACL entry from mode/uid/gid
acl_posix1e_perms_to_mode() Generate file mode from ACL
acl_posix1e_check() Syntax verification for ACL
These functions allow a file system to rely on central ACL evaluation
and syntax checking, as well as providing useful utilities to
allow ACL-based file systems to generate mode/owner/etc information
to return via VOP_GETATTR(), and to support file systems that split
their ACL information over their existing inode storage (mode, uid,
gid) and extended ACL into extended attributes (additional users,
groups, ACL mask).
o Add prototypes for exported functions to sys/acl.h, sys/vnode.h
Reviewed by: trustedbsd-discuss, freebsd-arch
Obtained from: TrustedBSD Project
Revision Changes Path
1.8 +441 -6 src/sys/kern/kern_acl.c
1.11 +10 -5 src/sys/sys/acl.h
1.138 +3 -1 src/sys/sys/vnode.h
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list