[ACL-Devel] [Fwd: going to commit (was: Re: file system extended attributes
support)]
Linda Walsh
law@sgi.com
Fri, 14 Apr 2000 13:41:45 -0700
FYI, in BSD land...
Robert Watson wrote:
>
> I sent this out a few days ago, and have thus far received only postive
> comments. With this in mind, I'm going to go ahead and commit the FFS
> extended attribute support to 5.0-CURRENT this evening, modulo the
> following changes --
>
> 1) clean up debugging output
>
> 2) possibly have the various baby extattr tools be a single binary that
> checks argv[0]
>
> Are there, at this point, any objections to my committing, or suggestions
> as to improvements that should be made?
>
> Just as a recap: enabling of extended attributes is toggled by the
> FFS_EXTATTR kernel option, and following that, it must be 1) started for
> each fs to be used, and 2) specific extended attributes must be
> explicitely enabled. Current this is done using the extattrctl utility,
> although I'm contemplating pushing some management info into /etc/fstab as
> with quotas, or having a startup script that auto-starts attributes in the
> /.attributes directory on each fs. Auto-starting will wait until I've
> seen more broad testing with it in the code base.
>
> Robert
>
> On Mon, 10 Apr 2000, Robert Watson wrote:
>
> > As part of the supporting code base for a number of security-related
> > projects on FreeBSD, I've hacked up extended attribute support for
> > FreeBSD. This allows arbitrary named attributes to be associated with
> > each inode, maintained by the kernel. In December, I committed APIs
> > associated with this code to the FreeBSD repository, and now after a few
> > months of testing and use, I'd like to commit the code itself to the repo.
> > Doing so will facilitate the further development of a number of
> > security-related projects, including the TrustedBSD MAC, ACL, and
> > Capability support, as well as third party security code such as the
> > NAI/TIS Labs FreeDTE code.
> >
> > This code is similar to the Quota code, in that it stores attributes in
> > backing files in the file system (or in another file system), and may be
> > enabled per-FFS partition. My feeling is that this approach allows
> > maximum flexibility at this point in the life cycle of FreeBSD in terms of
> > VFS maturity. As the support for stacked file systems matures, I'd be
> > willing to reconsider the manner in which this is implemented.
> >
> > The current version of the code, diff'd from the main repo a few days ago
> > on the 5.0-CURRENT (head) branch, is available for download at:
> >
> > http://www.trustedbsd.org/downloads/
> >
> > It contains a great deal of #ifdef'd debugging code, but also contains
> > some utilities that can be experimented with. I recommend reading the
> > extattrctl man page first. The excessive debugging code will be stripped
> > before committing, and once I'm confident that it works for more than just
> > the four or five people who've used it thus far :-).
> >
> > Thanks,
> >
> > Robert N M Watson
> >
> > robert@fledge.watson.org http://www.watson.org/~robert/
> > PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
> > TIS Labs at Network Associates, Safeport Network Services
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-fs" in the body of the message
> >
>
> Robert N M Watson
>
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
> TIS Labs at Network Associates, Safeport Network Services
>
> To Unsubscribe: send mail to majordomo@trustedbsd.org
> with "unsubscribe trustedbsd-discuss" in the body of the message
--
Linda A Walsh | Trust Technology, Core Linux, SGI
law@sgi.com | Voice: (650) 933-5338
-------------------------------------------------------------------------
Linux ACL Developers List --- http://acl.bestbits.at/acl-devel/
To unsubscribe, send a message with `unsubscribe acl-devel'
in the message body to majordomo@bestbits.at.
-------------------------------------------------------------------------