Removed extended attributes code from website as now in source tree

Robert Watson rwatson at FreeBSD.org
Thu Apr 20 13:57:25 GMT 2000


I've removed the extended attribute code from the web site, as it's now part of the
base distribution.  Since my first commit, I've introduced a number of
minor features and bugfixes:

o Modified attribute file header to include a magic number, and file
  version information.  Prompted in particular by the next change.

o Added inode generation number to the per-attribute-entry header so
  as to sanity check attribute retrievals.  If the generation number
  in the header doesn't match that of the inode being used to retrieve
  the attribute, coerce the situation to the attribute being "undefined"
  and print an error on the console.  This can only happen if: 1) file
  system is corrupted/whatever, 2) attributes and file system are out
  of synch due to extended running without the attribute enabled, or 3)
  the attribute file was not intended for use with this file system.
  To be honest, this isn't ideal either. :-)

o extattrctl now allows the setting of rights on the attribute via the
  command line, rather than a compiled define.  Levels for read and
  write are: kernel, root, owner, anyone.  This is for the purposes of
  the in-band API modifications of attributes, and doesn't affect
  whether or not the backing file can be directly modified.  This is
  an important thing from the perspective of configuring a production
  system, and will be documented further.

o I'm about to commit a "-p" argument which causes extattrctl to
  preallocate space for the attributes rather than using a sparse file.
  This can prevent a DoS on attribute writing if the file system is
  full, but can also consume a lot of space (worst-case for variable
  length attribute values).  However, a useful flag if one is thinking
  of MAC labels, et al :-).

Man pages have not been updated to reflect a few of these changes, but
will be shortly.

Per Ilmar's comments on the in-kernel VOP interface, I will most likely
provide some vn_*() functions to simplify coding.  It should be observed
that doing so pushes the kernel call stack a little deeper, which is
something to watch out for (I observed a problem with using printf buried
deep within FFS a little while ago, so we may need to increase UPAGES).
I'll post the easier wrapper function API in a couple of days, and commit
shortly thereafter if there are no objections.  I recognize that such a
set of wrapper functions would simplify coding of activities using
attributes, as well as combine a lot of identical code.

I've been hacking some more on capabilities and hope to post an update in
a couple of days.  It's raised some questions about auditing and reporting
the use of privilege, and I'll probably send out an email with regards to
these considerations in a couple of days also.

Thanks,

  Robert N M Watson 

robert at fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
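
The two header checks described in the message above (magic number and version in the file header, inode generation number in each attribute entry), as an added example that is not part of the original message and is not the FreeBSD code. The struct layout, all names, the magic value and the sample table are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout and names, for illustration; not the FreeBSD structures. */
#define EA_MAGIC   0x45415431u   /* constructed magic number */
#define EA_VERSION 1u
#define EA_VALSIZE 8u            /* fixed value slot per inode */
#define EA_INUSE   0x1u
struct ea_fileheader { uint32_t magic, version; };
struct ea_entry { uint32_t flags, len, i_gen; uint8_t val[EA_VALSIZE]; };
enum ea_status { EA_OK = 0, EA_UNDEFINED = -1, EA_BADFILE = -2 };
static unsigned ea_stale_count;  /* generation mismatches detected so far */

/* Fetch the attribute for inode `ino`, whose live generation is `gen`. */
int ea_get(const struct ea_fileheader *fh, const struct ea_entry *tab, uint32_t nent,
           uint32_t ino, uint32_t gen, uint8_t *out, uint32_t *outlen)
{
    /* File-level check: wrong magic or version means this is not our file. */
    if (fh->magic != EA_MAGIC || fh->version != EA_VERSION)
        return EA_BADFILE;
    if (ino >= nent || !(tab[ino].flags & EA_INUSE) ||
        tab[ino].len > EA_VALSIZE)          /* unset, or length would overflow */
        return EA_UNDEFINED;
    /* Entry-level check: a mismatched generation is coerced to "undefined". */
    if (tab[ino].i_gen != gen) {
        fprintf(stderr, "ea: inode %u: generation %u != stored %u, undefined\n",
                (unsigned)ino, (unsigned)gen, (unsigned)tab[ino].i_gen);
        ea_stale_count++;
        return EA_UNDEFINED;
    }
    memcpy(out, tab[ino].val, tab[ino].len);
    *outlen = tab[ino].len;
    return EA_OK;
}

/* Constructed sample: inode 2 carries "label", written at generation 7. */
static const struct ea_entry demo_tab[4] = { [2] = { EA_INUSE, 5, 7, "label" } };

int ea_demo(uint32_t magic, uint32_t ino, uint32_t gen)
{
    struct ea_fileheader fh = { magic, EA_VERSION };
    uint8_t buf[EA_VALSIZE]; uint32_t n = 0;
    return ea_get(&fh, demo_tab, 4, ino, gen, buf, &n);
}

int main(void)
{
    printf("%d %d %d\n", ea_demo(EA_MAGIC, 2, 7), ea_demo(EA_MAGIC, 2, 8), ea_demo(0, 2, 7));
    return 0;
}
```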
