[OpenAFS-port-freebsd] Re: FreeBSD 5-current client work....

[Garrett Wollman]

<<On Thu, 25 Sep 2003 15:42:58 -0400, Chaskiel M Grundman <cg2v@andrew.cmu.edu> said:

> I can understand disabling ioctl. I no longer remember what application it
> was that used ioctl as a gateway into pioctl, and it's unlikely that
> anything still does that, but without the setgroups intercept, PAGs are not
> durable, and you're stuck with uid-bound tokens. Is that really what the
> freebsd users want?

The right way to do this for FreeBSD 5 is to use a MAC label on the
process credential.  This has all the desired properties without
hacking up the group list.  I haven't gotten around to implementing
the afs_pag MAC policy, but it's trivially derivable from an existing
sample MAC policy (basically, delete all of the access-control bits).
For the current level of development, UIDs will be good enough.

ioctl() is actually OK; intercepting the system call is not, because
getting the locking right at that level is a hopeless task.  Since we
already have a VOP_IOCTL() interface which does the right thing, and
is called with the right locking already done in exactly the right
circumstances.  setgroups() has similar locking issues, which is one
of the reasons why I want AFS to use the flexible MAC framework rather
than perilous hacking in the group list.

-GAWollman