CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	rwatson <rwatson@FreeBSD.org>
	Sat, 2 Sep 2000 20:31:26 +0000 (20:31 +0000)
committer	rwatson <rwatson@FreeBSD.org>
	Sat, 2 Sep 2000 20:31:26 +0000 (20:31 +0000)
commit	e6a536221cb30ae732c3b4e40beb458608264a3d
tree	21aa389a5778f6e835a1bff00245df6cfd72453f	tree \| snapshot
parent	00a9b590ee5f72f36180abe666708242571d4b62	commit \| diff

Modify extended attribute protection model to authorize based on
attribute namespace and DAC protection on file:
- Attribute names beginning with '$' are in the system namespace
- The attribute name "$" is reserved
- System namespace attributes may only be read/set by suser()
  or by kernel (cred == NULL)
- Other attribute names are in the application namespace
- The attribute name "" is reserved
- Application namespace attributes are protected in the manner
  of the target file permission

o Kernel changes
- Add ufs_extattr_valid_attrname() to check whether the requested
  attribute "set" or "enable" is appropriate (i.e., non-reserved)
- Modify ufs_extattr_credcheck() to accept target file vnode, not
  to take inode uid
- Modify ufs_extattr_credcheck() to check namespace, then enforce
  either kernel/suser for system namespace, or vaccess() for
  application namespace
o EA backing file format changes
- Remove permission fields from extended attribute backing file
  header
- Bump extended attribute backing file header version to 3
o Update extattrctl.c and extattrctl.8
- Remove now deprecated -r and -w arguments to initattr, as
  permissions are now implicit
- (unrelated) fix error reporting and unlinking during failed
  initattr to remove duplicate/inaccurate error messages, and to
  only unlink if the failure wasn't in the backing file open()

Obtained from: TrustedBSD Project

sys/ufs/ufs/extattr.h		diff \| blob \| history
sys/ufs/ufs/ufs_extattr.c		diff \| blob \| history
usr.sbin/extattrctl/extattrctl.8		diff \| blob \| history
usr.sbin/extattrctl/extattrctl.c		diff \| blob \| history