Pawel Jakub Dawidek wrote: > Not always is chance to operate only on vnodes. When You (for example) > want to denied mode changes for some file, You can do this through catching > chmod(2), but when someone open this file how You get file name when You want > create policy rules for fchmod(2)? Remember that files could have temporary > names, so You can't compare vnode from file descriptor with some file that > You're expecting.
In fact, that is the *only* thing you can compare, because that's the key value in the name cache, and that's the last point at which there's a 1:1 relationship between on disk and in core structures; above that, hard links cause your references to be ambiguous. The policies you want to implement are impossible to enforce for something like fchmod(2), unless you enforce against hard links, or change the object relationship in the kernel so that hard links do not result in ambiguities. See other posting, for details. -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
