[OpenAFS-devel] Kernel PAG support
Garrett Wollman
wollman@khavrinen.lcs.mit.edu
Mon, 1 Mar 2004 21:40:26 -0500 (EST)
<<On Mon, 1 Mar 2004 17:22:57 -0800, "Henry B. Hotz" <hotz@jpl.nasa.gov> said:
> Most BSDs and Solaris seem to work OK with our fake group number hack.
I would like for FreeBSD to use the MAC framework for this; it
provides precisely the sort of "extended credential" mechanism that
AFS wants. My work on the FreeBSD port has been stalled lately due to
work overload; perhaps I'll have time to look at it in April if Jim
Rees doesn't beat me to it. Then setpag() becomes a library function
that does:

    mac_t label;

    mac_from_text(&label, "afspag/new"); /* "new" is not meaningful */
    mac_set_proc(label);
    mac_free(label);

It then becomes possible to completely remove a process from a PAG:

    mac_from_text(&label, "afspag/");

...which is a much-requested feature. The internal representation can
be automatically garbage-collected.
-GAWollman
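
Added example, not part of the original message and not OpenAFS or FreeBSD code: a user-space C model of the label semantics described above, where "afspag/new" joins a fresh PAG, "afspag/" leaves it, and a PAG is collected when its last holder goes away. The names struct pag, struct proc, live_pags, pag_drop, model_set_proc and model_fork are hypothetical, and the model assumes a child inherits its parent's label on fork.

```c
/* Added user-space model; not FreeBSD MAC or OpenAFS code. */
#include <stdlib.h>
#include <string.h>

struct pag  { unsigned refs; };       /* one authentication group */
struct proc { struct pag *pag; };     /* NULL: process is in no PAG */
static unsigned live_pags = 0;        /* PAGs not yet collected */

static void pag_drop(struct pag *p)
{
    if (p != NULL && --p->refs == 0) {   /* last holder gone: collect it */
        free(p);
        live_pags--;
    }
}

/* "afspag/new" joins a fresh PAG, "afspag/" leaves; 0 on success, -1 on error. */
static int model_set_proc(struct proc *pr, const char *text)
{
    struct pag *fresh = NULL;
    if (strncmp(text, "afspag/", 7) != 0)
        return -1;
    if (strcmp(text + 7, "new") == 0) {
        if ((fresh = malloc(sizeof *fresh)) == NULL)
            return -1;
        fresh->refs = 1;
        live_pags++;
    } else if (text[7] != '\0') {
        return -1;                       /* reject before touching state */
    }
    pag_drop(pr->pag);                   /* release the old PAG, if any */
    pr->pag = fresh;
    return 0;
}

/* fork(): the child shares the parent's label, so the PAG gains a holder. */
static struct proc model_fork(const struct proc *parent)
{
    struct proc child = { parent->pag };
    if (child.pag != NULL)
        child.pag->refs++;
    return child;
}

int main(void)
{
    struct proc sh = { NULL };
    model_set_proc(&sh, "afspag/new");   /* setpag() */
    model_set_proc(&sh, "afspag/");      /* leave: the PAG is collected */
    return live_pags == 0 ? 0 : 1;
}
```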