acl-0.6.1 release now available, more ACL code committed

Robert Watson rwatson at FreeBSD.org
Mon Mar 19 23:18:17 GMT 2001 

This afternoon, I released acl-0.6.1, downloadable at the usual location:

   http://www.TrustedBSD.org/downloads/
   http://www.TrustedBSD.org/downloads/acl-0.6.1.tgz

The release includes diffs against FreeBSD 5.0-CURRENT from this
afternoon.  This release takes into account a number of changes in the
base tree, including: 

o Fix the UFS ACL code to take into account recently committed extended
  attribute interface changes, including explicit namespace modifications
  to the EA interface.  As a result, the attribute names used by the
  UFS ACL implementation have changed to remove the '$' which was the
  earlier implicit EA namespace indicator.

o Remove getfacl and setfacl from the ACL distribution, as they have now
  been committed to the base system, along with updates to libposix1e
  to include more of the POSIX.1e ACL editing interface.

Please read the README and CHANGES files for more information.  For users
updating from prior versions, you'll want to read more about the EA
changes, as well as about the introduction of FFS_EXTATTR_AUTOSTART (now
UFS_EXTATTR_AUTOSTART) which improves the use of ACLs substantially by
removing races between file system mount and ACL availability.  A quicky
upgrade procedure:

In reconfiguring your kernel, FFS_EXTATTR and FFS_EXTATTR_AUTOSTART are
now UFS_EXTATTR and UFS_EXTATTR_AUTOSTART.  For the purposes of
auto-starting, the ".attribute" directory off of a file system root is
now-autoscanned for potential attribute backing files.  The interface has
changed such that the "user" and "system" sub-directories of the
".attribute" directory are intended to contain backing files for those
namespaces respectively.  This means that users of the older backing file
format will need to do the following for each affected filesystem:

mkdir ${FSROOT}/.attribute/user
mkdir ${FSROOT}/.attribute/system
mv ${FSROOT}/.attribute/'$posix1e.acl_access' \
	${FSROOT}/.attribute/system/posix1e.acl_access
mv ${FSROOT}/.attribute/'$posix1e.acl_default' \
	${FSROOT}/.attribute/system/posix1e.acl_default

The UFS ACL code is now on a review path, with the intent of committing
the remaining kernel code within a couple of weeks.  I'm particularly
interested in seeing a review of the correctness of the kern_acl.c code,
as well as the vnode operations added to UFS.  There may be additional
0.6.? releases to take into account fixes associated with any comments
returned, but the goal is now to get the code committed to make it more
broadly available to the FreeBSD community.

Future tasks for the ACL implementation are:

- As EAs and ACLs mature on ext2fs and other file systems, add support to
  FreeBSD implementations.
- Adapt FreeBSD userland tools (such as mv, cp, ...) to understand ACLs
- Fix possible oustanding issue with ACL validation and sorting in
  kernel, and verify consistency of userland acl_valid() and kernel
  implementation.
- Performance measurement and optimization (largely a product of EA
  performance)
- Continue work on the libposix1e ACL editing library

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services


To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message

More information about the trustedbsd-discuss mailing list