[rsbac] To-Do List for 1.2.3

Samuli Kärkkäinen skarkkai at woods.iki.fi
Mon Sep 29 01:10:14 MEST 2003


On Sun, Sep 28, 2003 at 10:56:20PM +0200, Peter Busser wrote:
> Hi!
> 
> > This is indeed one way to solve this issue. However if rsbac really were
> > path based it would also solve the "~/.Xauthority problem" and remove the
> > necessity of "restoring" all permissions after any rpm/deb update.
> 
> Computers like numbers. Paths are not numbers. Therefore computers do not like
> them. I-node numbers exist for a good reason. Any path-based access control
> mechanism will be computer unfriendly. In other words: It will be slow and
> cost a lot of memory. Therefore people will hate it.
> 
> It would really be a nice idea if you could implement it efficiently.

My belief is that unix uses inodes heavily mainly because hard links
necessitate user-visible inodes.

I imagine that rsbac needs to store a fairly small number of paths,
basically only as many as there are settings for in the FD menu. That would
be around 10-100. Hence the memory footprint should be negligible. Be it
inodes or filesystem paths, they are likely stored in a hash table. Hence
the performance difference comes from having to compute a hash key of a path
instead of an inode. Granted there is some difference there, but I suspect
that's not enormous. After all, the kernel needs to do that stuff every time a
file is opened/stat'd.

If I have a wrong idea about this, I gladly stand corrected.

-- 
  Samuli Kärkkäinen                   |\      _,,,---,,_
 skarkkai at woods.iki.fi ---------ZZZzz /,`.-'`'    -.  ;-;;,_------
http://www.woods.iki.fi              |,4-  ) )-,_. ,\ (  `'-'
                                     '---''(_/--'  `-'\_)
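
An added example, not part of the original message and not RSBAC code: a user-space Python model of the trade-off discussed in this thread, keying a rule table by (device, inode) versus by path, then checking both against a hard link and a package-style file replacement. The rule value `deny-write`, the file names and the helper functions are constructed for illustration.

```python
import os
import tempfile


def lookup_by_inode(rules, path):
    """Find a rule keyed by (device, inode) of whatever the path resolves to."""
    st = os.stat(path)
    return rules.get((st.st_dev, st.st_ino))


def lookup_by_path(rules, path):
    """Find a rule keyed by canonical path (symlinks resolved)."""
    return rules.get(os.path.realpath(path))


def demo():
    """Return what each keying scheme sees for a hard link and after an upgrade."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        target = os.path.join(tmp, "tool")        # constructed protected file
        with open(target, "w") as f:
            f.write("v1")

        st = os.stat(target)
        inode_rules = {(st.st_dev, st.st_ino): "deny-write"}
        path_rules = {target: "deny-write"}

        # Case 1: a hard link gives the same inode a second name.
        alias = os.path.join(tmp, "alias")
        os.link(target, alias)
        result = {
            "alias_by_inode": lookup_by_inode(inode_rules, alias),
            "alias_by_path": lookup_by_path(path_rules, alias),
        }

        # Case 2: package-manager style update, i.e. write a new file and
        # rename it over the old name. The name now refers to a new inode.
        staged = target + ".new"
        with open(staged, "w") as f:
            f.write("v2")
        os.replace(staged, target)
        result["upgraded_by_inode"] = lookup_by_inode(inode_rules, target)
        result["upgraded_by_path"] = lookup_by_path(path_rules, target)
        return result


if __name__ == "__main__":
    for case, rule in demo().items():
        print(f"{case:18} -> {rule}")
```

The inode-keyed table follows the object through the hard link but loses the rule once the file is replaced; the path-keyed table keeps the rule across the replacement but does not cover the second name.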

