Coda File System

Re: extended attributes?

From: Alexander Kjeldaas <astor_at_guardian.no>
Date: Wed, 10 Dec 1997 15:48:13 +0100 (MET)
On Tue, 9 Dec 1997, Peter J. Braam wrote:

> Hi Alexander,
> 
> Whoops, I think nobody is looking much at that list.  I suppose I should
> subscribe myself.
> 
> We definitely have ACL's.  We have some extra attributes in our "cnodes"
> which we currently don't exploit (I believe author and data version are
> there).  We deal differently with atime, mtime, ctime than local
> filesystems for efficiency. Due to replication of volumes we carry a lot
> of stuff around that is used internally: so called version vectors count
> the number of updates at each replication server, to keep replicas in
> sync.
> 
> 
> I don't know what "MAC" and information labels are.
> 

They are 32-64 bit integers that indicates the sensitivity of the data.
Information labels label the information. However they are not that
important since nobody is currentlyimplementing them for linux. However,
capabilities are important since they are already implemented (if not in
the main kernel). Capabilities are 64-128 bit of information attached to
executables saying what "super-user" privileges is is allowed to
exercise. I think this can be implemented as an ACL with a special tag,
but if you have some spare space you could think about reserving it for
capabilities.

Capabilities is a method where the super-user privileges are divided into
lots of different "capabilities" such as the capability that lets 
a process set the time, the capability that lets a process bind
to a reserved port etc. There are currently about 65 capabilities in the
linux capabilities implementation.

It would be nice if CODA could support some of the extended attributes
that NFS can't. 

astor

--
 Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
 http://www.guardian.no/
Received on 1997-12-10 10:15:56