From owner-freebsd-arch Fri Apr 14 10:32:55 2000 Delivered-To: freebsd-arch@freebsd.org Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (Postfix) with ESMTP id C1BBA37BF27 for ; Fri, 14 Apr 2000 10:32:52 -0700 (PDT) (envelope-from eivind@bitbox.follo.net) Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.3/8.9.3) with ESMTP id TAA08722 for ; Fri, 14 Apr 2000 19:32:50 +0200 (CEST) Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id TAA07101 for freebsd-arch@freebsd.org; Fri, 14 Apr 2000 19:32:50 +0200 (CEST) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 5BC0137BF20; Fri, 14 Apr 2000 10:32:06 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id NAA59477; Fri, 14 Apr 2000 13:32:02 -0400 (EDT) (envelope-from robert@cyrus.watson.org) Date: Fri, 14 Apr 2000 13:32:01 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: freebsd-fs@freebsd.org Cc: freebsd-arch@freebsd.org Subject: going to commit (was: Re: file system extended attributes support) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I sent this out a few days ago, and have thus far received only postive comments. With this in mind, I'm going to go ahead and commit the FFS extended attribute support to 5.0-CURRENT this evening, modulo the following changes -- 1) clean up debugging output 2) possibly have the various baby extattr tools be a single binary that checks argv[0] Are there, at this point, any objections to my committing, or suggestions as to improvements that should be made? Just as a recap: enabling of extended attributes is toggled by the FFS_EXTATTR kernel option, and following that, it must be 1) started for each fs to be used, and 2) specific extended attributes must be explicitely enabled. Current this is done using the extattrctl utility, although I'm contemplating pushing some management info into /etc/fstab as with quotas, or having a startup script that auto-starts attributes in the /.attributes directory on each fs. Auto-starting will wait until I've seen more broad testing with it in the code base. Robert On Mon, 10 Apr 2000, Robert Watson wrote: > As part of the supporting code base for a number of security-related > projects on FreeBSD, I've hacked up extended attribute support for > FreeBSD. This allows arbitrary named attributes to be associated with > each inode, maintained by the kernel. In December, I committed APIs > associated with this code to the FreeBSD repository, and now after a few > months of testing and use, I'd like to commit the code itself to the repo. > Doing so will facilitate the further development of a number of > security-related projects, including the TrustedBSD MAC, ACL, and > Capability support, as well as third party security code such as the > NAI/TIS Labs FreeDTE code. > > This code is similar to the Quota code, in that it stores attributes in > backing files in the file system (or in another file system), and may be > enabled per-FFS partition. My feeling is that this approach allows > maximum flexibility at this point in the life cycle of FreeBSD in terms of > VFS maturity. As the support for stacked file systems matures, I'd be > willing to reconsider the manner in which this is implemented. > > The current version of the code, diff'd from the main repo a few days ago > on the 5.0-CURRENT (head) branch, is available for download at: > > http://www.trustedbsd.org/downloads/ > > It contains a great deal of #ifdef'd debugging code, but also contains > some utilities that can be experimented with. I recommend reading the > extattrctl man page first. The excessive debugging code will be stripped > before committing, and once I'm confident that it works for more than just > the four or five people who've used it thus far :-). > > Thanks, > > Robert N M Watson > > robert@fledge.watson.org http://www.watson.org/~robert/ > PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 > TIS Labs at Network Associates, Safeport Network Services > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-fs" in the body of the message > Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message