move audit/priviliage check into VFS
kostikbel at gmail.com
Mon Apr 23 12:13:23 UTC 2007
On Sun, Apr 22, 2007 at 02:58:30PM -0700, Howard Su wrote:
> When I working on tmpfs privilege, I need copy a lot of privilege
> check code from UFS. I suppose there is same problem in ZFS. So moving
> this sort of privilege code into VFS will reduce a lot of duplicate
> code and also make fs implementation simple and consistent in security
> Besides that, some quota/extattr feature can be also implement in VFS layer.
Quota code (ufs/ufs/ufs_quota.c) is mostly filesystem-independent, it
only require particular format for the quota file, and several fields in
the ufs mount structure, as well as ufs mount interlock. The later could be
factored-out quite easily.
On the other hand, only ufs is stuffed with hooks for the quota handling.
> I suppose the fact today that a lot of stuffs are UFS related is
> because we have VFS after UFS. So VFS only abstracts the common stuffs
> for a misc file system like iso/udf/msdosfs. We didn't suppose we will
> have more full-featured file system besides UFS. (NFS has its own &
> different implementation about security.)
> Does VFS have other design goal that I am not aware to preventing us
> moving more shared code into it?
I would let others comment on the feasibility of factoring out permission
What I want to point out is that some time ago UFS itself was considered
as layer with underlying implementation providing the actual structure
for the storage. At least two such implementations existed, FFS and
LFS. The LFS is long dead and removed from CVS. All that left from the
layering is several method pointers in struct ufsmount. I suspect that
current code has eroded the border between UFS and FFS. That said, I'm
not sure whether implementing tmpfs as some TMPFS under UFS layer is
possible now, but you may look at this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20070423/9ac39af9/attachment.pgp
More information about the freebsd-arch