access(2) using effective uid instead of real one?

Matthew Dillon dillon at apollo.backplane.com
Tue Aug 11 10:31:31 PDT 2009


:It is admittedly easier and more explicit to do it as Alex and you suggest.
:
:To implement faccessat, which can check either real of effective ids
:based on a flag argument, do you prefer:
:
:1/ Pass this "effective vs real" flag to VOP_ACCESS (either in a_mode
:or as a new arg).
:
:2/ Adding a new VOP_FACCESSAT operation.
:
:The more general question is: can we break the VOP API (assuming we
:change all in-tree clients)?
:
:Cheers,
:Nicolas

    Definitely (1).  I'd say just pass the new flags straight through
    as a new argument to the base vop_access structure, but change the
    VOP_ACCESS macro in sys/vfsops.h:

#define VOP_ACCESS(vp, mode, cred)			\
        vop_access(*(vp)->v_ops, vp, mode, 0, cred)
#define VOP_ACCESS_FLAGS(vp, mode, flags, cred)		\
        vop_access(*(vp)->v_ops, vp, mode, flags, cred)

     Add a new flags element to struct vop_access_args and pass and
     initialize the new element in the vop_access() function in
     vfs_vopops.c

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>





More information about the Kernel mailing list