Re: Vnode scope implementation

To: YAMAMOTO Takashi <yamt%mwd.biglobe.ne.jp@localhost>
Subject: Re: Vnode scope implementation
From: Elad Efrat <elad%NetBSD.org@localhost>
Date: Sun, 23 Aug 2009 14:31:35 -0400

On Sun, Aug 23, 2009 at 11:15 AM, YAMAMOTO
Takashi<yamt%mwd.biglobe.ne.jp@localhost> wrote:

> ok, you will document it.  it's fine.

Good. Btw, could this:

    http://mail-index.netbsd.org/tech-pkg/2009/08/17/msg003752.html

be another manifestation of a similar issue...?

> let me repeat my questions.
> do you mean that nothing except documentation will be done for nfs?

At least for now, yes, nothing except documentation will be done for nfs.

> does it mean the use of the vnode scope is optional and a filesystem is
> free to choose not using it, right?

No, what is your reasoning here?

It means that if a file-system's security policy effectively comes
from a host that you have no control over, you can not explicitly
allow an operation because you don't have the last word, but you can
certainly short-circuit and deny the operation.

It's very similar to a firewall running on machine A allowing all
outbound communication to port 80, but that will be of little meaning
if the remote host B does not allow any inbound communication to port
80.

-e.

Follow-Ups:
- Re: Vnode scope implementation
  - From: YAMAMOTO Takashi

References:
- Re: Vnode scope implementation
  - From: Elad Efrat
- Re: Vnode scope implementation
  - From: YAMAMOTO Takashi

Prev by Date: Re: Vnode scope implementation
Next by Date: re: basic support for (software concept) "pci domains" in the MI pci code
Previous by Thread: Re: Vnode scope implementation
Next by Thread: Re: Vnode scope implementation
Indexes:

Home | Main Index | Thread Index | Old Index