Joerg Schilling wrote:
> I see no reason to change the current API.

Thanks, that's good to know.

> I am however interested in some definitions that would allow people to map
> between the Sun XATTR system and other XATTR systems.
>
> This is very important as other people currently implement NFSv4 XATTR support
> and this could be used as a way to unify the XATTR implementations.

I agree this is important but I'm not sure where to start.

What I can say though is Solaris doesn't currently use XATTR for
anything and Solaris (not OpenSolaris) can't until we no longer support
Solaris 8 as a jumpstart server or host for diskless clients (since
Solaris 8 UFS and NFS do not support XATTRs at all). Once that happens
we might be able to start using them.

Things I would like to do in Solaris but can't until we all agree that
some part of the XATTR namespace for ANY file can be interpreted and
changed ONLY by privileged parts of the system are:

    Forced privileges - like we had in TUFS on Trusted Solaris
        Think ping. It is currently setuid 0 and is carefully
        coded to drop all privs other than net_icmpaccess. It
        would be much better to force only net_icmpaccess in
        the file system. Doing this in an ELF header doesn't
        work well. Changing this would require asserting all
        privileges.

    MAC Labels - like we had in TUFS, changing these would require
        a MAC override privilege.

    Immutable flag - though maybe with the ACLs we have now we don't
        have as much need for this.

    Archive flag - a skip/include in "backup" flag that can be
        cleared by the backup/archiver programs.

Of that list I believe that the Forced privileges are operating system
specific but the others could apply on other systems. In particular
it would be nice for MAC labels to be standard across all file systems
and actually be enforceable and discoverable over NFSv4.

Other things I could see being done include things like MIME Types,
again this could/should be standard across all systems.

--
Darren J Moffat