On Wed, 16 Dec 2009 18:03:06 -0500 Jeffrey Hutzelman <[email protected]> wrote:
> --On Wednesday, December 16, 2009 01:46:04 PM -0500 Derrick Brashear > <[email protected]> wrote: > > > bos exec still works unless you give the restricted command line > > switch. if you turn on random options without reading what you're > > doing, you get what you paid for. > > Perhaps you missed the part where Simon advocated making the new > behavior the default? The 'new behavior' may just be "allow the restricted switch", not "turn on restricted mode". I originally read this as the latter, but I kinda can see it either way. Which one do we want? Having restricted mode as the default is something I would agree with, assuming the problems of e.g. 'bos exec suddenly breaks' are taken care of enough. > Making it the default behavior might be OK, provided we add code to > make the fileserver recognize a vice partition containing existing > inode volumes and refuse to start. ('default behavior' meaning namei, I assume.) We already have that, I believe. If we're inode and AFSIDat doesn't exist but anything starting with a V does, we don't attach the partition. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
