diff options
| author | rwatson <rwatson@FreeBSD.org> | 2001-03-14 05:32:31 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2001-03-14 05:32:31 +0000 |
| commit | 3c831c500f97e076db6a799214d39041d3a1d2b5 (patch) | |
| tree | c109894a99bd7ebef04e43cd9a0069f46a9ccacf /sys/conf/options | |
| parent | a0b58bfe93ffb353556d165d597c415379411234 (diff) | |
| download | FreeBSD-src-3c831c500f97e076db6a799214d39041d3a1d2b5.zip FreeBSD-src-3c831c500f97e076db6a799214d39041d3a1d2b5.tar.gz | |
o Implement "options FFS_EXTATTR_AUTOSTART", which depends on
"options FFS_EXTATTR". When extended attribute auto-starting
is enabled, FFS will scan the .attribute directory off of the
root of each file system, as it is mounted. If .attribute
exists, EA support will be started for the file system. If
there are files in the directory, FFS will attempt to start
them as attribute backing files for attributes baring the same
name. All attributes are started before access to the file
system is permitted, so this permits race-free enabling of
attributes. For attributes backing support for security
features, such as ACLs, MAC, Capabilities, this is vital, as
it prevents the file system attributes from getting out of
sync as a result of file system operations between mount-time
and the enabling of the extended attribute. The userland
extattrctl tool will still function exactly as previously.
Files must be placed directly in .attribute, which must be
directly off of the file system root: symbolic links are
not permitted. FFS_EXTATTR will continue to be able
to function without FFS_EXTATTR_AUTOSTART for sites that do not
want/require auto-starting. If you're using the UFS_ACL code
available from www.TrustedBSD.org, using FFS_EXTATTR_AUTOSTART
is recommended.
o This support is implemented by adding an invocation of
ufs_extattr_autostart() to ffs_mountfs(). In addition,
several new supporting calls are introduced in
ufs_extattr.c:
ufs_extattr_autostart(): start EAs on the specified mount
ufs_extattr_lookup(): given a directory and filename,
return the vnode for the file.
ufs_extattr_enable_with_open(): invoke ufs_extattr_enable()
after doing the equililent of vn_open()
on the passed file.
ufs_extattr_iterate_directory(): iterate over a directory,
invoking ufs_extattr_lookup() and
ufs_extattr_enable_with_open() on each
entry.
o This feature is not widely tested, and therefore may contain
bugs, caution is advised. Several changes are in the pipeline
for this feature, including breaking out of EA namespaces into
subdirectories of .attribute (this is waiting on the updated
EA API), as well as a per-filesystem flag indicating whether
or not EAs should be auto-started. This is required because
administrators may not want .attribute auto-started on all
file systems, especially if non-administrators have write access
to the root of a file system.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/conf/options')
| -rw-r--r-- | sys/conf/options | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/conf/options b/sys/conf/options index 37bdd4a..1f1abd2 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -137,6 +137,7 @@ SOFTUPDATES opt_ffs.h # in FFS, which can be used to support high security configurations # as well as new file system features. FFS_EXTATTR opt_ffs.h +FFS_EXTATTR_AUTOSTART opt_ffs.h # The above static dependencies are planned removed, with a # <filesystem>_ROOT option to control if it usable as root. This list |
