
Rich access control lists


Posted Oct 22, 2015 1:13 UTC (Thu) by fandingo (guest, #67019)
In reply to: Rich access control lists by Cyberax
Parent article: Rich access control lists

I neither said nor implied it did. IO synchronization is a separate problem. Perhaps down the road, they can add additional Richacl types (unsigned int leaves a lot of available flags) for open(2) modes like O_SYNC (and other associated syscalls) to allow Richacl policy to require or prohibit that option.

> so I'm curious to see the actual systems that depend on it.

I'm not sure any piece of software itself could "depend" on it. From the software's perspective, it's just eliminating extraneous syscalls and mode flags. It's the software distribution's (or perhaps the adventurous sys admin's) job to write and distribute a policy. The policy separation and delegation to distributions is the same as SELinux.



Rich access control lists

Posted Oct 22, 2015 1:30 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)

And to guarantee that the entries are also semantically correct, perhaps we can add another permission to attach an XML (or even ASN.1) schema to files?

Of course, some people might also forbid any file activity on Sundays, so we need a special permission for that as well.

Rich access control lists

Posted Oct 22, 2015 1:50 UTC (Thu) by fandingo (guest, #67019)

Sure, if you want to do that, although some file systems have xattr length limitations. I'd treat ACLs the same as LSMs: Pick any one you want (and stack them if you like and support is implemented). The data will be stored in xattrs defined by that ACL module, and a file system feature flag can be used to force (or indicate if a bypass kernel cmdline / config option is set) a kernel to use that ACL module.

Nonetheless, I doubt you'd have many people in such a scheme. But, let's dial it back from absurdity.

Rich access control lists

Posted Oct 22, 2015 22:58 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)

No. Complex LSMs proved to be a total failure - NOBODY understands how SELinux works, so on most systems it just sits idly and eats resources.

At least with modebits I can understand what's happening immediately. With Windows ACLs you can't do that - you have to carefully evaluate the rules, keeping their order in mind. POSIX ACLs are ok-ish, they at least play nicely with the regular Unix permissions.

And your examples are so far extremely poor. If you need to constrain a daemon to use only O_APPEND - then write an LSM module for that. No need at all to rape file permissions. And if you are doing it over NFS then get a proper rsyslog, for FSM's sake.

So what are other examples, apart from the contrived O_APPEND?

