On Thu, 26 Oct 2000 [EMAIL PROTECTED] wrote:

> For an existing API (which I am not proposing be taken as is) take a look
> at the xfs man pages here:
> 
>       http://oss.sgi.com/projects/xfs/manpages.html

Sorry, but I think the root namespace is a serious misdesign. The root
user shouldn't be treated specially at all. In a system that fully
supports capabilities, it's actually possible for root to have no
permissions whatsoever. Allowing root to manipulate EAs of files
effectively makes root omnipotent again (by manipulating the capabilities
of files, etc.)

However, there should be a separate namespace for system related
attributes like ACL, CAP, MAC for which the kernel determines whether an
access is granted or not. No user, ever, is able to override the security
policy of the kernel in this namespace. Also, the kernel doesn't only rule
whether an access is granted, but also which values the EA may assume.

Also, XFS has two separate namespaces. Merging them (and keeping the
namespace information in a name prefix) would be a good thing as it would
simplify the interface. Attributes from multiple namespaces would be
brought into context by their name only. Otherwise, [1342]acl and
[4742]acl might look very similar, but indeed they would describe entirely
different things.


Here's another manpage pointer to Tru64 "property lists":
<http://www.tru64unix.compaq.com/faqs/publications/base_doc/DOCUMENTATION/V50_HTML/MAN/MAN4/0200____.HTM>

And to FreeBSD:
<http://www.FreeBSD.org/cgi/man.cgi?query=extattr>


Thanks,
Andreas.

------------------------------------------------------------------------
 Andreas Gruenbacher, [EMAIL PROTECTED]
 Contact information: http://www.bestbits.at/~ag/



