cvs commit: src/sys/kern kern_acl.c src/sys/sys acl.h vnode.h (fwd)

Robert Watson rwatson at
Tue Mar 6 17:40:44 GMT 2001

As this commit message indicates, I just committed the majority of the ACL
support code to the FreeBSD 5.0-CURRENT branch.  I have not committed the
UFS-specific code yet, as there appears to be some sort of stability bug
that is turning up during disk-intensive (and possibly highly parallel)
operation.  For example, I was able to trigger a crash by doing a
simultaneous {make -j 8 buildworld, cvsup, cvs update}.  Once I get back
to Massachusetts on Wednesday (assuming I'm not snowed out) I'll attempt
to track this down.  As a result of this commit, and additional fixes
submitted by Chris Faulhaber for the setfacl tool, I'll be re-rolling the
ACL patches this evening.  I plan to commit the new ACL userland tools in
the near future, as this will allow the addition of ACLs to other file
systems as well as UFS (for example, sysctlfs, and other file systems that
map kernel objects into userspace).

Work is underway to reimplement my original MAC patches (have been up on
the web site for a bit as mac_prerelease.diff) by introducing a new kernel
object label abstraction, struct objlabel, which can be associated with
various kernel objects in the style of a struct ucred.  The objlabel
structure will also include a struct acl, so we will be able to slap
objlabel's into various protectable objects and allow their protections to
be fiddled with.  I hope to have initial patches reimplementing MAC using
struct objlabel within a week or two, allowing for weather.

As I've stated in a couple of forums now, we're planning to introduce two
new target platforms for the TrustedBSD work: OpenBSD, and Apple's Darwin.
These introductions will rely on assistance from those developer
communities: I've received substantial interest from OpenBSD developers
and users in porting over support for extended attributes and ACLs, and
interest from Apple in the full suite of TrustedBSD services.  From the
perspective of my personal time allocation, FreeBSD will remain the
primary porting target, but with the help of OpenBSD and Darwin
developers, we can make TrustedBSD extensions a reality on their
platforms.  Given the similarity of their source bases, this should
actually prove to be a relatively straight-forward task (modulo Mach
interactions in Darwin) :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at      NAI Labs, Safeport Network Services

---------- Forwarded message ----------
Date: Tue, 6 Mar 2001 09:28:25 -0800 (PST)
From: Robert Watson <rwatson at>
To: cvs-committers at, cvs-all at
Subject: cvs commit: src/sys/kern kern_acl.c src/sys/sys acl.h vnode.h

rwatson     2001/03/06 09:28:25 PST

  Modified files:
    sys/kern             kern_acl.c 
    sys/sys              acl.h vnode.h 
  o Introduce filesystem-independent POSIX.1e ACL utility routines to
    support implementations of ACLs in file systems.  Introduce the
    following new functions:
        vaccess_acl_posix1e()          vaccess() that accepts an ACL
        acl_posix1e_mode_to_perm()     Convert mode bits to ACL rights
        acl_posix1e_mode_to_entry()    Build ACL entry from mode/uid/gid
        acl_posix1e_perms_to_mode()    Generate file mode from ACL
        acl_posix1e_check()            Syntax verification for ACL
    These functions allow a file system to rely on central ACL evaluation
    and syntax checking, as well as providing useful utilities to
    allow ACL-based file systems to generate mode/owner/etc information
    to return via VOP_GETATTR(), and to support file systems that split
    their ACL information over their existing inode storage (mode, uid,
    gid) and extended ACL into extended attributes (additional users,
    groups, ACL mask).
  o Add prototypes for exported functions to sys/acl.h, sys/vnode.h
  Reviewed by:	trustedbsd-discuss, freebsd-arch
  Obtained from:	TrustedBSD Project
  Revision  Changes    Path
  1.8       +441 -6    src/sys/kern/kern_acl.c
  1.11      +10 -5     src/sys/sys/acl.h
  1.138     +3 -1      src/sys/sys/vnode.h
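
The commit message above describes central ACL evaluation ("vaccess() that accepts an ACL"). The following is an added example, not the committed kernel_acl.c code: a userland model of the POSIX.1e evaluation order (owner, named user, groups, other, with the mask limiting named users and groups). All type, constant and function names are hypothetical, the sample ACL is constructed, and no superuser override is modeled.

```c
#include <stddef.h>

/* Hypothetical userland model: these types are not the kernel's struct acl. */
enum tag { USER_OBJ, USER, GROUP_OBJ, GROUP, MASK, OTHER };
enum { P_R = 4, P_W = 2, P_X = 1 };
struct entry { enum tag tag; unsigned id; int perm; };

/* Constructed sample for a file owned by uid 100, gid 20. */
static const struct entry sample_acl[] = {
    { USER_OBJ, 0, P_R | P_W }, { USER, 200, P_R | P_W },
    { GROUP_OBJ, 0, 0 },        { GROUP, 30, P_R | P_W },
    { MASK, 0, P_R },           { OTHER, 0, P_R },
};
static const unsigned staff[] = { 20 }, devs[] = { 30 }, nobody[] = { 99 };

static int in_groups(unsigned gid, const unsigned *g, size_t ng)
{
    for (size_t i = 0; i < ng; i++)
        if (g[i] == gid) return 1;
    return 0;
}

/* Returns 1 if every bit in want is granted, else 0. No superuser override. */
int acl_access(const struct entry *acl, size_t n, unsigned file_uid,
    unsigned file_gid, unsigned uid, const unsigned *g, size_t ng, int want)
{
    int mask = P_R | P_W | P_X, group_match = 0;  /* no MASK entry: no filter */
    size_t i;

    for (i = 0; i < n; i++)
        if (acl[i].tag == MASK) mask = acl[i].perm;
    if (uid == file_uid) {              /* 1. owner: USER_OBJ only, unmasked */
        for (i = 0; i < n; i++)
            if (acl[i].tag == USER_OBJ) return (acl[i].perm & want) == want;
        return 0;
    }
    for (i = 0; i < n; i++)             /* 2. named user, limited by mask */
        if (acl[i].tag == USER && acl[i].id == uid)
            return (acl[i].perm & mask & want) == want;
    for (i = 0; i < n; i++) {           /* 3. owning group and named groups */
        if (acl[i].tag != GROUP_OBJ && acl[i].tag != GROUP) continue;
        if (!in_groups(acl[i].tag == GROUP_OBJ ? file_gid : acl[i].id, g, ng)) continue;
        if ((acl[i].perm & mask & want) == want) return 1;
        group_match = 1;                /* matched but denied: never reach OTHER */
    }
    if (group_match) return 0;
    for (i = 0; i < n; i++)             /* 4. everyone else */
        if (acl[i].tag == OTHER) return (acl[i].perm & want) == want;
    return 0;
}
```

In the sample, a member of gid 20 is denied read even though OTHER grants it, because a matching group entry ends the search.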
