NAME
genfs —
genfs routines
SYNOPSIS
#include <miscfs/genfs/genfs.h>
int
genfs_can_access(
enum
vtype type,
mode_t
file_mode,
uid_t uid,
gid_t gid,
mode_t acc_mode,
kauth_cred_t cred);
int
genfs_can_chflags(
kauth_cred_t
cred,
enum vtype
type,
uid_t
owner_uid,
bool
changing_sysflags);
int
genfs_can_chmod(
enum
vtype type,
kauth_cred_t
cred,
uid_t cur_uid,
gid_t cur_gid,
mode_t new_mode);
int
genfs_can_chown(
kauth_cred_t
cred,
uid_t cur_uid,
gid_t cur_gid,
uid_t new_uid,
gid_t new_gid);
int
genfs_can_chtimes(
vnode_t
*vp,
u_int vaflags,
uid_t owner_uid,
kauth_cred_t cred);
int
genfs_can_extattr(
kauth_cred_t
cred,
int
access_mode,
vnode_t
*vp,
const char
*attr);
int
genfs_can_sticky(
kauth_cred_t
cred,
uid_t dir_uid,
uid_t file_uid);
DESCRIPTION
The functions documented here are general routines for internal use in file
systems to implement common policies for performing various operations. The
developer must understand that these routines implement no system-wide
policies and only take into account the object being accessed and the nominal
values of the credentials accessing it.
In other words, these functions are not meant to be called directly. They are
intended to be used in
kauth(9)
vnode scope authorization calls, for providing the fall-back file system
decision.
As a rule of thumb, code that looks like this is wrong:
error = genfs_can_foo(...); /* WRONG */
While code that looks like this is right:
error = kauth_authorize_vnode(..., genfs_can_foo(...));
FUNCTIONS
-
-
- genfs_can_access(enum
vtype type, mode_t file_mode,
uid_t uid, gid_t gid,
mode_t acc_mode, kauth_cred_t
cred)
- Implements file access checking based on traditional Unix
permissions.
-
-
- genfs_can_chflags(kauth_cred_t
cred, enum vtype type, uid_t
owner_uid, bool changing_sysflags)
- Implements
chflags(2) policy.
-
-
- genfs_can_chmod(enum
vtype type, kauth_cred_t cred,
uid_t cur_uid, gid_t cur_gid,
mode_t new_mode)
- Implements
chmod(2) policy.
-
-
- genfs_can_chown(kauth_cred_t
cred, uid_t cur_uid, gid_t
cur_gid, uid_t new_uid, gid_t
new_gid)
- Implements
chown(2) policy.
-
-
- genfs_can_chtimes(vnode_t
*vp, u_int vaflags, uid_t
owner_uid, kauth_cred_t cred)
- Implements
utimes(2) policy.
-
-
- genfs_can_extattr(kauth_cred_t
cred, int access_mode, vnode_t
*vp, const char *attr)
- Implements extended attributes access policy.
-
-
- genfs_can_sticky(kauth_cred_t
cred, uid_t dir_uid, uid_t
file_uid)
- Implements rename and delete policy from sticky
directories.
SEE ALSO
kauth(9)
AUTHORS
Elad Efrat
<
elad@NetBSD.org> wrote
this manual page.