CAPs, MACs, ACLs, FreeBSD implementation

Ilmar S. Habibulin ilmar at ints.ru
Fri Oct 1 05:46:36 GMT 1999


Here are some ideas for the implementation of all of the POSIX features under
FreeBSD. The main difficulty for me in it is the placing of all POSIX
security attributes in file inodes and process descriptors. While process
descriptors can theoretically grow in size (sizeof(struct proc)), the inode
can't (the on-disk inode, I mean). So we have to create a new fs - that's not a
good solution, imho. I offer the following approach - in the inode
structure we have 2*sizeof(int32_t) bytes that we can use as a pointer to
some disk block containing MAC labels, Capabilities, ACLs, Information
Labels and so on. The same thing I think we should do with the proc
structure. Include a pointer to some structure containing process-related
POSIX security attributes (like p_cred).

The main problem is in my curve hands. :( If you approve this approach,
could someone help me in coding these pointers/structures? Especially
the filesystem one?
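
A sketch of the approach proposed in the message above, added as an illustration; it is not code from the post or from FreeBSD. The structure names, the magic value, the use of the second spare word as a generation counter and the in-memory "disk" are all assumptions. It shows the checks a reader of such a pointer needs so that a stale or corrupted link is rejected rather than trusted:

```c
#include <stdint.h>
#include <string.h>

#define BLK_SIZE  512          /* assumed block size of the toy disk */
#define NBLOCKS   8
#define SEC_MAGIC 0x53454331u  /* hypothetical tag marking an attribute block */

/* Toy on-disk inode; only the two spare 32-bit words matter here. */
struct toy_dinode {
    uint16_t mode;
    uint32_t uid;
    int32_t  spare[2];         /* assumed use: [0] block number, [1] generation */
};

/* Hypothetical layout of the block the spare words refer to. */
struct sec_block {
    uint32_t magic;
    uint32_t owner_ino;        /* back-pointer: detects crossed or stale links */
    uint32_t generation;
    uint32_t mac_level;        /* MAC label, reduced to one level */
    uint64_t cap_permitted;    /* capability bitmask */
};

static uint8_t disk[NBLOCKS][BLK_SIZE];  /* constructed in-memory "disk" */

/* Store attrs in block blk and link the inode to it; block 0 means "none". */
int sec_attach(struct toy_dinode *ip, uint32_t ino, int32_t blk,
               uint32_t mac_level, uint64_t caps)
{
    struct sec_block sb = { SEC_MAGIC, ino, 0, mac_level, caps };
    if (blk <= 0 || blk >= NBLOCKS)
        return -1;
    sb.generation = (uint32_t)ip->spare[1] + 1;
    memcpy(disk[blk], &sb, sizeof sb);
    ip->spare[0] = blk;
    ip->spare[1] = (int32_t)sb.generation;
    return 0;
}

/* Follow the link; any inconsistency is an error so callers can deny access. */
int sec_load(const struct toy_dinode *ip, uint32_t ino, struct sec_block *out)
{
    int32_t blk = ip->spare[0];
    if (blk <= 0 || blk >= NBLOCKS)
        return -1;             /* no attribute block, or pointer out of range */
    memcpy(out, disk[blk], sizeof *out);
    if (out->magic != SEC_MAGIC || out->owner_ino != ino ||
        out->generation != (uint32_t)ip->spare[1])
        return -1;             /* block does not belong to this inode */
    return 0;
}
```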
