On Thu, 26 Oct 2000 [EMAIL PROTECTED] wrote:

> > On Thu, 26 Oct 2000 [EMAIL PROTECTED] wrote:
> > 
> > > For an existing API (which I am not proposing be taken as is) take a look
> > > at the xfs man pages here:
> > > 
> > >   http://oss.sgi.com/projects/xfs/manpages.html
> > 
> > Sorry, but I think the root namespace is a serious misdesign. The root
> > user shouldn't be treated specially at all. In a system that fully
> > supports capabilities, it's actually possible for root to have no
> > permissions whatsoever. Allowing root to manipulate EAs of files
> > effectively makes root omnipotent again (by manipulating the capabilities
> > of files, etc.)
> 
> ROOT is a bad name for it, being root is not what controls who is
> allowed to change it, that is capability based. And like I said I
> am not proposing this as an interface for linux - but I do want to
> see an interface which lets xfs continue to have the two spaces,
> changing that is not an option since it involves changing the on
> disk format of xfs.

I'm not proposing to change the on-disk format. I'm suggesting
providing a mapping between the EA names on XFS and the EA names users see
under Linux. Breaking XFS is not an option, of course.

> I will let Curtis respond on the root stuff if he wants; he did that, not me!

Well, I assume he will bring some more light into this.

> > However, there should be a separate namespace for system related
> > attributes like ACL, CAP, MAC for which the kernel determines whether an
> > access is granted or not. No user, ever, is able to override the security
> > policy of the kernel in this namespace. Also, the kernel doesn't only rule
> > whether an access is granted, but also which values the EA may assume.
> 
> Yes, the root name space in irix is where these beasts live, plus a few
> other system managed properties such as dmapi information. Getting permission
> to manipulate these is tightly controlled. [ Note that people other than
> myself are best to argue about security stuff, I'm a filesystem guy. ]
> 
> > 
> > Also, XFS has two separate namespaces. Merging them (and keeping the
> > namespace information in a name prefix) would be a good thing as it would
> > simplify the interface. Attributes from multiple namespaces would be
> > brought into context by their name only. Otherwise, [1342]acl and
> > [4742]acl might look very similar, but indeed they would describe entirely
> > different things.
> 
> This breaks existing XFS filesystems.

I don't think so. My suggestion would be this: All user EAs are prefixed
with "user." when passed to the kernel. The prefix is not actually stored
on the filesystem. Likewise, all root EAs are prefixed with "root.".

Andreas.

------------------------------------------------------------------------
 Andreas Gruenbacher, [EMAIL PROTECTED]
 Contact information: http://www.bestbits.at/~ag/
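
The prefix mapping proposed in the message above, sketched as an added example that is not part of the original thread and is not XFS or Linux code. The enum, the function names and the has_cap flag are hypothetical; the access rule is a simplification that only models the "capability, not uid" point for the root namespace.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical ids: the filesystem stores this id plus the bare name only. */
enum ea_ns { EA_NS_USER, EA_NS_ROOT };
static const struct { const char *prefix; enum ea_ns ns; } ea_map[] = {
    { "user.", EA_NS_USER }, { "root.", EA_NS_ROOT },
};
#define EA_MAP_LEN (sizeof(ea_map) / sizeof(ea_map[0]))

/* Split a caller-visible name ("user.acl") into namespace id and stored name
 * ("acl"). Returns 0, or -1 for an unknown prefix or an empty stored name. */
int ea_split_name(const char *full, enum ea_ns *ns, const char **stored)
{
    for (size_t i = 0; i < EA_MAP_LEN; i++) {
        size_t len = strlen(ea_map[i].prefix);
        if (strncmp(full, ea_map[i].prefix, len) != 0)
            continue;
        if (full[len] == '\0')
            return -1;
        *ns = ea_map[i].ns;
        *stored = full + len;
        return 0;
    }
    return -1;
}

/* Rebuild the visible name when listing. Returns its length, or -1 if the
 * namespace is unknown or buf is too small (no silent truncation). */
int ea_join_name(enum ea_ns ns, const char *stored, char *buf, size_t buflen)
{
    for (size_t i = 0; i < EA_MAP_LEN; i++) {
        size_t plen = strlen(ea_map[i].prefix), slen = strlen(stored);
        if (ea_map[i].ns != ns)
            continue;
        if (plen + slen + 1 > buflen)
            return -1;
        memcpy(buf, ea_map[i].prefix, plen);
        memcpy(buf + plen, stored, slen + 1);
        return (int)(plen + slen);
    }
    return -1;
}

/* Simplified write check: keyed on namespace and a capability flag, never on
 * uid 0. Names without a known prefix are refused rather than defaulted. */
int ea_may_write(const char *full, int has_cap)
{
    enum ea_ns ns;
    const char *stored;
    return ea_split_name(full, &ns, &stored) == 0 && (ns == EA_NS_USER || has_cap);
}
int main(void) { printf("%d\n", ea_may_write("root.acl", 0)); return 0; }
```

"user.acl" and "root.acl" both store the bare name "acl" but stay distinct through the namespace id, and a name with no recognised prefix is rejected instead of falling into a default namespace.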
