Add setacl system call?

Robert Watson rwatson at FreeBSD.org
Mon Jul 25 07:08:57 UTC 2011 

On Sun, 24 Jul 2011, exorcistkiller wrote:

> Hi, I'm working on a course project in which I need to add 3 system calls. 
> One of which is setacl(char *name, int type, int idnum, int perms), which 
> set acl for a file specified by name. I used newfs as in 
> ftp://ftp.tw.freebsd.org/pub/FreeBSD/FreeBSD-current/src/sbin/newfs/ to make 
> this new filesystem, named myfs (which really is UFS2) and mounted it.
>
> My question is:
> 1) where to start with?
> 2) Is this filesystem actually a userland UFS and I can use functions in
> libufs(3)?
> 3) What about functions in ufs_acl.c? Should the acls be stored on the
> extended attributes blocks? Does FreeBSD 8.2 support it?
>
> I know I'm asking stupid questions, but a small hint might help me a lot. 
> Thank you so much..

Hi... er.. exorcistkiller...  (*)

This being FreeBSD, you may want to start with the existing programmer 
documentation, which should prove quite useful given your goals.  Try acl(3) 
for userspace, and acl(9) for the kernel.

You are doing this in the context of a course, so the constraints may be 
somewhat artificial.  However, normally my advice to someone wanting to add a 
new ACL implementation to FreeBSD would be to start with our existing 
implementation, which supports both POSIX.1e and NFSv4 ACLs (and is extensible 
to new ACL types without changing the current APIs (much)).  For example, if I 
were going to teach our native system call API about AFS ACLs, I'd start by 
perusing the above man pages and code, including:

   src/bin/*acl*			# Commands for manipulating ACLs
   src/lib/libc/posix1e		# Library routines
   src/sys/kern/*acl*		# File system-independent code
   src/sys/sys/acl.h		# File system-independent header

As you've already found, ufs_acl.c contains the implementation for UFS; ZFS, 
NFS, etc, have similar-looking files with markedly different contents.  In 
general, if something looks file system-independent, we try to put it in the 
centralised files in kern, rather than replicate the code across file systems. 
Roughly half the code in the kern directory has to do with calls *into* the 
file system, and the other half is a library of routines called *by* the file 
system.

Robert

More information about the freebsd-hackers mailing list