[rsbac] To-Do List for 1.2.3

Samuli Kärkkäinen skarkkai at woods.iki.fi
Mon Sep 29 01:10:14 MEST 2003

On Sun, Sep 28, 2003 at 10:56:20PM +0200, Peter Busser wrote:
> Hi!
> > This is indeed one way to solve this issue. However if rsbac really were
> > path based it would also solve the "~/.Xauthority problem" and remove the
> > necessity of "restoring" all permissions after any rpm/deb update.
> Computers like numbers. Paths are not numbers. Therefore computers do not like
> them. I-node numbers exist for a good reason. Any path-based access control
> mechanism will be computer unfriendly. In other words: It will be slow and
> cost a lot of memory. Therefore people will hate it.
> It would really be a nice idea if you could implement it efficiently.

My belief is that unix uses heavily inodes mainly because hard links
necessitate user visible inodes.

I imagine that rsbac needs to store a fairly small number of paths,
basically only as many as there are settings for in the FD menu. That would
be around 10-100. Hence the memory footprint should be neglible. Be it
inodes or filesystem paths, they are likely stored in a hash table. Hence
the performance different comes from having to compute a hash key of a path
instead of a inode. Granted there is some difference there, but I suspect
that's not enormous. After all kernel needs to do that stuff every time a
file is opened/stat'd.

If I have a wrong idea about this, I gladly stand corrected.

  Samuli Kärkkäinen                   |\      _,,,---,,_
 skarkkai at woods.iki.fi ---------ZZZzz /,`.-'`'    -.  ;-;;,_------
http://www.woods.iki.fi              |,4-  ) )-,_. ,\ (  `'-'
                                     '---''(_/--'  `-'\_)

More information about the rsbac mailing list