[OpenAFS-devel] Re: [OpenAFS] 2.6 kernel support anytime soon? Workarounds?
Garrett Wollman
wollman@khavrinen.lcs.mit.edu
Mon, 10 May 2004 21:03:40 -0400 (EDT)
<<On Mon, 10 May 2004 19:02:26 -0400, Jeffrey Hutzelman <jhutz@cmu.edu> said:
> The real difficulty is in the inheritance model. We have a specific model:
> (1) Every process has at most one PAG
> (2) Processes start out with no PAG
> (3) A new process inherits its parent's PAG, if any
> (4) A process can request a new PAG for itself
> (5) There is a funny operation that lets a process request a new PAG for
> itself _and its parent_. I think this is evil, but it's there.
> (6) A process never gets a new PAG except by (4) or (5).
> (7) There is no way to go back to the PAG-less state.
With the exception of (5) and possibly (7) depending on the
implementation, these are exactly the semantics of a MAC label. (For
(7), you can just refuse the operation with EPERM if the user tries to
unset the label.)
-GAWollman
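The quoted rules (1)-(7) can be read as a small state machine. The following is an added illustration, not part of the original message and not OpenAFS code; all names (`struct proc`, `proc_setpag_parent`, `NO_PAG`, and so on) and the error code for a parentless caller are hypothetical. It shows what sets rule (5) apart from label-style inheritance: the parent is relabelled by its child, while a sibling forked earlier stays in the old PAG.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#define NO_PAG 0u                 /* constructed sentinel: "no PAG" */

struct proc {
    struct proc *parent;
    unsigned pag;                 /* rule (1): at most one PAG per process */
};

static unsigned next_pag = 1;     /* toy allocator, not how AFS numbers PAGs */

/* Rule (2): a process with no ancestry starts out PAG-less. */
void proc_init(struct proc *p) { p->parent = NULL; p->pag = NO_PAG; }

/* Rule (3): a child inherits its parent's PAG, if any. */
void proc_fork(struct proc *parent, struct proc *child) {
    child->parent = parent;
    child->pag = parent->pag;
}

/* Rule (4): a process requests a new PAG for itself. */
unsigned proc_setpag(struct proc *p) { return p->pag = next_pag++; }

/* Rule (5): new PAG for the caller and its parent. Other children of that
 * parent are not touched, so by rule (6) they stay in the old PAG. */
int proc_setpag_parent(struct proc *p) {
    if (p->parent == NULL)
        return -ESRCH;            /* assumption: error choice is ours */
    p->pag = p->parent->pag = next_pag++;
    return 0;
}

/* Rule (7) as the reply suggests: unsetting is refused with EPERM.
 * Assumption: clearing an already PAG-less process is a harmless no-op. */
int proc_clearpag(struct proc *p) {
    return p->pag == NO_PAG ? 0 : -EPERM;
}

int main(void) {
    struct proc init, shell, sibling, child;
    proc_init(&init);
    proc_fork(&init, &shell);
    proc_setpag(&shell);          /* shell moves into a fresh PAG */
    proc_fork(&shell, &sibling);
    proc_fork(&shell, &child);
    proc_setpag_parent(&child);   /* child relabels itself and the shell */
    printf("shell=%u child=%u sibling=%u clear=%d\n", shell.pag, child.pag, sibling.pag, proc_clearpag(&shell));
}
```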