[Ocfs2-devel] [RFC] The reflink(2) system call v4.
Joel Becker
Joel.Becker at oracle.com
Wed May 13 11:27:23 PDT 2009
On Wed, May 13, 2009 at 01:23:58PM -0400, Stephen Smalley wrote:
> File capabilities live under security.*, but ACLs predate the security
> namespace and live in the system namespace as
> "system.posix_acl_access" (and if a directory, there is also a
> "system.posix_acl_default" attribute that specifies the default ACL for
> new files in that directory).
>
> In the preserve_security==0 case, you'd want to:
> - drop all attributes under security.* on the new inode,
> - set (security.<name>, value) to the name:value pair provided by
> security_inode_init_security(),
> - set system.posix_acl_access to the default ACL associated with the
> parent directory (the "system.posix_acl_default" attribute on the
> parent).
>
> The latter two steps are what is already done in the new inode creation
> code path, so you hopefully can just reuse that code.
I am absolutely expecting to reuse that code. I was just
trying to make sure I didn't miss any steps prior to the normal
new-inode stuff. Thanks.
Joel
--
The zen have a saying:
"When you learn how to listen, ANYONE can be your teacher."
Joel Becker
Principal Software Developer
Oracle
E-mail: joel.becker at oracle.com
Phone: (650) 506-8127
More information about the Ocfs2-devel
mailing list