[OpenAFS-devel] Re: [OpenAFS] 2.6 kernel support anytime soon? Workarounds?
Jeffrey Hutzelman
jhutz@cmu.edu
Tue, 11 May 2004 11:17:53 -0400
On Monday, May 10, 2004 21:03:40 -0400 Garrett Wollman
<wollman@khavrinen.lcs.mit.edu> wrote:
> <<On Mon, 10 May 2004 19:02:26 -0400, Jeffrey Hutzelman <jhutz@cmu.edu>
> said:
>
>> The real difficulty is in the inheritance model. We have a specific
>> model:
>
>> (1) Every process has at most one PAG
>> (2) Processes start out with no PAG
>> (3) A new process inherits its parent's PAG, if any
>> (4) A process can request a new PAG for itself
>> (5) There is a funny operation that lets a process request a new PAG for
>> itself _and its parent_. I think this is evil, but it's there.
>> (6) A process never gets a new PAG except by (4) or (5).
>> (7) There is no way to go back to the PAG-less state.
>
> With the exception of (5) and possibly (7) depending on the
> implementation, these are exactly the semantics of a MAC label. (For
> (7), you can just refuse the operation with EPERM if the user tries to
> unset the label.)

Well, that's fine -- as long as they also can't "accidentally" lose the
label, say, because some part of the system decides that running an suid
executable should result in discarding all labels.
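
Added example (not part of the original message and not OpenAFS code): a small C model of the PAG rules (2)-(7) quoted above, including the EPERM refusal suggested for (7) and the requirement that a set-uid exec keep the PAG. All names here (proc_init, pag_new, pag_clear, proc_exec_suid, and so on) are hypothetical.

```c
#include <errno.h>
#include <stdint.h>

/* Hypothetical model of the PAG rules in this thread; not OpenAFS code. */
#define NO_PAG    0u
#define MAX_PROCS 16

struct proc { int parent; uint32_t pag; int euid; };

static struct proc procs[MAX_PROCS];
static int nprocs;
static uint32_t next_pag = 1;   /* PAG ids are never reused in this model */

/* Rule (2): a process with no parent starts out with no PAG. */
int proc_init(int uid) {
    if (nprocs >= MAX_PROCS) return -ENOMEM;
    procs[nprocs] = (struct proc){ -1, NO_PAG, uid };
    return nprocs++;
}

/* Rule (3): a new process inherits its parent's PAG, if any. */
int proc_fork(int parent) {
    if (nprocs >= MAX_PROCS) return -ENOMEM;
    procs[nprocs] = (struct proc){ parent, procs[parent].pag, procs[parent].euid };
    return nprocs++;
}

/* Rule (4): a process requests a new PAG for itself only. */
uint32_t pag_new(int p) { return procs[p].pag = next_pag++; }

/* Rule (5): new PAG for the caller and its parent; other relatives keep theirs. */
uint32_t pag_new_with_parent(int p) {
    uint32_t pag = pag_new(p);
    if (procs[p].parent >= 0) procs[procs[p].parent].pag = pag;
    return pag;
}

/* Rule (7): no way back to the PAG-less state; refuse the unset with EPERM. */
int pag_clear(int p) { (void)p; return -EPERM; }

/* Set-uid exec: the effective uid changes, but the PAG field is deliberately
 * left alone, so rule (6) holds (a PAG changes only through (4) or (5)). */
void proc_exec_suid(int p, int owner_uid) { procs[p].euid = owner_uid; }

uint32_t proc_pag(int p) { return procs[p].pag; }
int proc_euid(int p) { return procs[p].euid; }
```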