Subject: CVS commit: src
To: None <source-changes@NetBSD.org>
From: Elad Efrat <elad@netbsd.org>
List: source-changes
Date: 07/14/2006 18:41:41
Module Name:	src
Committed By:	elad
Date:		Fri Jul 14 18:41:41 UTC 2006

Modified Files:
	src/distrib/sets/lists/comp: mi
	src/lib/libc/gen: sysctl.3
	src/sbin/sysctl: sysctl.8
	src/sbin/veriexecctl: veriexecctl.c veriexecctl.h veriexecctl_parse.y
	src/share/man/man4: options.4
	src/share/man/man9: Makefile
	src/sys/conf: files
	src/sys/dev: verified_exec.c
	src/sys/kern: init_main.c kern_exec.c kern_verifiedexec.c
	    vfs_syscalls.c vfs_vnops.c
	src/sys/sys: verified_exec.h
Added Files:
	src/share/man/man9: fileassoc.9
	src/sys/kern: kern_fileassoc.c
	src/sys/sys: fileassoc.h

Log Message:
okay, since there was no way to divide this to two commits, here it goes..

introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.

this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.

as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.

also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.

tons of input from yamt@, wrstuden@, martin@, and christos@.


To generate a diff of this commit:
cvs rdiff -r1.898 -r1.899 src/distrib/sets/lists/comp/mi
cvs rdiff -r1.170 -r1.171 src/lib/libc/gen/sysctl.3
cvs rdiff -r1.147 -r1.148 src/sbin/sysctl/sysctl.8
cvs rdiff -r1.20 -r1.21 src/sbin/veriexecctl/veriexecctl.c
cvs rdiff -r1.5 -r1.6 src/sbin/veriexecctl/veriexecctl.h
cvs rdiff -r1.13 -r1.14 src/sbin/veriexecctl/veriexecctl_parse.y
cvs rdiff -r1.324 -r1.325 src/share/man/man4/options.4
cvs rdiff -r1.204 -r1.205 src/share/man/man9/Makefile
cvs rdiff -r0 -r1.1 src/share/man/man9/fileassoc.9
cvs rdiff -r1.788 -r1.789 src/sys/conf/files
cvs rdiff -r1.34 -r1.35 src/sys/dev/verified_exec.c
cvs rdiff -r1.270 -r1.271 src/sys/kern/init_main.c
cvs rdiff -r1.218 -r1.219 src/sys/kern/kern_exec.c
cvs rdiff -r0 -r1.1 src/sys/kern/kern_fileassoc.c
cvs rdiff -r1.52 -r1.53 src/sys/kern/kern_verifiedexec.c
cvs rdiff -r1.250 -r1.251 src/sys/kern/vfs_syscalls.c
cvs rdiff -r1.112 -r1.113 src/sys/kern/vfs_vnops.c
cvs rdiff -r0 -r1.1 src/sys/sys/fileassoc.h
cvs rdiff -r1.28 -r1.29 src/sys/sys/verified_exec.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.