ACL vs Capability
Matthew Dillon
dillon at apollo.backplane.com
Tue Jul 4 09:13:09 PDT 2006
The capability support has been off the radar screen. None of the
current kernel work makes the capabilities any more or less difficult
to implement, but I haven't touched upon them primarily because adding
them now will make userland vfs and clustering support a lot more
difficult to implement and I want to get those items implemented first.

In particular, capabilities create serious issues in the namecache
code, so much so that I would far prefer that they be implemented
in a higher kernel layer rather than in the filesystem layer. To
work efficiently they will have to be cached by the kernel. In fact,
not only cached, but critically cached and fully integrated into
the namecache code. I am not too concerned about actually building
native capability support into a filesystem. That is, I believe that
it would be sufficient for the kernel to maintain a separate capability
file for each directory, or a database interface, or something of that
nature that is otherwise invisible to userland.
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>