DragonFly kernel List (threaded) for 2006-07
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: ACL vs Capability

From:	Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date:	Tue, 4 Jul 2006 09:05:59 -0700 (PDT)

    The capability support has been off the radar screen.  None of the
    current kernel work makes the capabilities any more or less difficult
    to implement, but I haven't touched upon them primarily because adding
    them now will make userland vfs and clustering support a lot more
    difficult to implement and I want to get those items implemented first.

    In particular, capabilities create serious issues in the namecache
    code, so much so that I would far prefer that they be implemented 
    in a higher kernel layer rather then in the filesystem layer.  To
    work efficiently they will have to be cached by the kernel.  In fact,
    not only cached, but critically cached and fully integrated into
    the namecache code.  I am not too concerned about actually building
    native capability support into a filesystem.  That is, I believe that
    it would be sufficient for the kernel to maintain a separate capability
    file for each directory, or a database interface, or something of that
    nature that is otherwise invisible to userland.

					-Matt
					Matthew Dillon 
					<dillon@xxxxxxxxxxxxx>

References:
- ACL vs Capability
  - From: TongKe Xue
- Re: ACL vs Capability
  - From: Thomas E. Spanjaard
- Re: ACL vs Capability
  - From: TongKe Xue
- Re: ACL vs Capability
  - From: Thomas E. Spanjaard

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]