From owner-p4-projects  Thu Oct 24 12:44:27 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 20E1737B406; Thu, 24 Oct 2002 12:44:26 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from green.bikeshed.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7724737B401; Thu, 24 Oct 2002 12:44:24 -0700 (PDT)
Received: from green.bikeshed.org (9pc9770ni7g3nsuo@green.bikeshed.org [10.0.0.1] (may be forged))
	by green.bikeshed.org (8.12.6/8.12.6) with ESMTP id g9OJiOPw023927;
	Thu, 24 Oct 2002 15:44:24 -0400 (EDT)
	(envelope-from green@green.bikeshed.org)
Received: from localhost (green@localhost)
	by green.bikeshed.org (8.12.6/8.12.6/Submit) with ESMTP id g9OJiOMU023924;
	Thu, 24 Oct 2002 15:44:24 -0400 (EDT)
Message-Id: <200210241944.g9OJiOMU023924@green.bikeshed.org>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Robert Watson <rwatson@FreeBSD.org>
Cc: Perforce Change Reviews <perforce@FreeBSD.org>
Subject: Re: PERFORCE change 20064 for review 
In-Reply-To: Your message of "Thu, 24 Oct 2002 15:17:28 EDT."
             <Pine.NEB.3.96L.1021024151536.33116B-100000@fledge.watson.org> 
From: "Brian F. Feldman" <green@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 24 Oct 2002 15:44:24 -0400
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

Robert Watson <rwatson@FreeBSD.org> wrote:
> Note that this is arguably incorrect for all policies but LOMAC, since
> "fail stop" is the desired behavior for Biba, MLS, SELinux, and others.
> This is why I changed the default for cow to off.  We should look into a
> way to provide both what LOMAC and the other policies need, perhaps by
> having two entry points: one for the purpose of downgrading with COW, one
> without.  In particular, pay attention to cases like:
> 
> 	LOMAC wants to downgrade write to read-only
> 	Biba wants to remove write entirely
> 
> The desired composition in this case is probably the Biba result.

Well, note that nothing at all was enforced previously, and only LOMAC is 
capable of requesting downgrade at the moment, so this is effectively a 
LOMAC option, but in the wrong place :)  I think the simple solution would 
be adding an int *dontCOW argument, and in policies which would like to 
revoke without COW something like:

	if (shouldrevoke(subj, obj)) {
		*perms &= ~VM_OBJECT_READ;
		if (I_should_not_COW)
			++*dontCOW;
	}

-- 
Brian Fundakowski Feldman                           \'[ FreeBSD ]''''''''''\
  <> green@FreeBSD.org  <> bfeldman@tislabs.com      \  The Power to Serve! \
 Opinions expressed are my own.                       \,,,,,,,,,,,,,,,,,,,,,,\



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message