Robert Watson bbf0607700 Modify extended attribute protection model to authorize based on ... attribute namespace and DAC protection on file: - Attribute names beginning with '$' are in the system namespace - The attribute name "$" is reserved - System namespace attributes may only be read/set by suser() or by kernel (cred == NULL) - Other attribute names are in the application namespace - The attribute name "" is reserved - Application namespace attributes are protected in the manner of the target file permission o Kernel changes - Add ufs_extattr_valid_attrname() to check whether the requested attribute "set" or "enable" is appropriate (i.e., non-reserved) - Modify ufs_extattr_credcheck() to accept target file vnode, not to take inode uid - Modify ufs_extattr_credcheck() to check namespace, then enforce either kernel/suser for system namespace, or vaccess() for application namespace o EA backing file format changes - Remove permission fields from extended attribute backing file header - Bump extended attribute backing file header version to 3 o Update extattrctl.c and extattrctl.8 - Remove now deprecated -r and -w arguments to initattr, as permissions are now implicit - (unrelated) fix error reporting and unlinking during failed initattr to remove duplicate/inaccurate error messages, and to only unlink if the failure wasn't in the backing file open() Obtained from: TrustedBSD Project		2000-09-02 20:31:26 +00:00
..
ffs	Initialize *countp to 0 in stub for softdep_flushworklist().	2000-08-09 00:41:54 +00:00
mfs	Remove all traces of Julians DEVFS (incl from kern/subr_diskslice.c)	2000-08-20 21:34:39 +00:00
ufs	Modify extended attribute protection model to authorize based on	2000-09-02 20:31:26 +00:00