On Tue, 4 Feb 2003, Ilmar S. Habibulin wrote: > On Mon, 3 Feb 2003, Robert Watson wrote: > > > The strategy for selecting a credential to check against is generally to > > use td_ucred, and to hold no locks. You'll see that suser() does this, > > for example. Under some circumstances: specifically, credential updates, > > you need to hold the process lock and atomically check the process > > credential before updating. If the thread doesn't immediately leave the > > kernel (i.e., more checks might be performed), you'll also need to > > propagate the cred change to the thread from the process. > > Ok. Thank you for an expanation, I'll consider that. Now i'm trying to > reanimate Thomas Moestls' capability work. Is anybody interested in such > integration? I have almost bootable kernel and now will try to > understand kernel structures locking and td_ucred/p_ucred interactions, > to make nessesary changes. > > Or SEBSD make capabilities completly unnesessary?
We have tentative plans to support Capabilities-like models via a plug-in module using the MAC Framework sometime over the next few months. Slotting the POSIX.1e capabilities work into that makes a lot of sense. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects [EMAIL PROTECTED] Network Associates Laboratories To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
