From owner-freebsd-hackers Mon Jan 6 20: 3:16 2003 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B960037B401 for ; Mon, 6 Jan 2003 20:03:14 -0800 (PST) Received: from puffin.mail.pas.earthlink.net (puffin.mail.pas.earthlink.net [207.217.120.139]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3EEB743EA9 for ; Mon, 6 Jan 2003 20:03:14 -0800 (PST) (envelope-from tlambert2@mindspring.com) Received: from pool0310.cvx22-bradley.dialup.earthlink.net ([209.179.199.55] helo=mindspring.com) by puffin.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 18VkxL-0006aT-00; Mon, 06 Jan 2003 20:03:12 -0800 Message-ID: <3E1A5131.FE6B7AE6@mindspring.com> Date: Mon, 06 Jan 2003 20:01:53 -0800 From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: David Schultz Cc: Pawel Jakub Dawidek , freebsd-hackers@FreeBSD.ORG Subject: Re: Caching [sugestion]. References: <20030105215024.GB99855@prioris.mini.pw.edu.pl> <3E18B97A.32ABAE7@mindspring.com> <20030106074005.GB6825@prioris.mini.pw.edu.pl> <20030106163723.GA721@HAL9000.homeunix.com> <20030106233427.GC6825@prioris.mini.pw.edu.pl> <20030107002205.GA655@HAL9000.homeunix.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a4bacbbb42f0ee10c44db4dc3743acc34493caf27dac41a8fd350badd9bab72f9c350badd9bab72f9c Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG David Schultz wrote: > Thus spake Pawel Jakub Dawidek : > I'm not sure what you mean by ``temporary names''. Do you mean > that your policy specification permits wildcards in any pathname > component? In that case, you might have to hack the lookup > routines to point to all the possible rule matches as you iterate > down the pathname, so by the time you have a vnode, you also know > what rules match. Scary. It will work, but he will have to implement mandatory locking for directory entries (minimally), if he insists on doing it by name, rather than by dev_t/ino_t pair. Realize that it's actually trivial to do dev_t/ino_t/dev_t/ino_t for "inode in directory". FreeBSD does not permit hard links on directories, and directories already cache parent directories, as their ".." entry. So you can (effectively) implement absolute pathing, as long as inherited rights deal *only* with the directories, and not with the files themselves (unlike NetWare). But mandatory locking for the terminal directory entry is still a requirement, since otherwise, you can still create/open/unlink...close, and before the close, you can subvert any by-name MACs you try to apply. > Keep in mind that if you're willing to bite the performance > bullet, you may be able to implement a userland solution far > more easily. > > http://www.cs.berkeley.edu/~daw/janus/ This is a good reference. If this is just a student project, and not a commercial product, doing the work in user space is probably the way to go. If it's supposed to be commercial, I don't see any way around at least minimally modifying the FS. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message