115 lines
4.2 KiB
Groff
115 lines
4.2 KiB
Groff
.\" $NetBSD: genfs.9,v 1.8 2022/01/17 22:27:20 wiz Exp $
|
|
.\"
|
|
.\" Copyright 2012 Elad Efrat <elad@NetBSD.org>
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. The name of the author may not be used to endorse or promote products
|
|
.\" derived from this software without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.Dd January 17, 2022
|
|
.Dt GENFS 9
|
|
.Os
|
|
.Sh NAME
|
|
.Nm genfs
|
|
.Nd genfs routines
|
|
.Sh SYNOPSIS
|
|
.In miscfs/genfs/genfs.h
|
|
.Ft int
|
|
.Fn genfs_can_chflags "vnode_t *vp" kauth_cred_t cred" "uid_t owner_uid" \
|
|
"bool changing_sysflags"
|
|
.Ft int
|
|
.Fn genfs_can_chmod "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \
|
|
"gid_t cur_gid" "mode_t new_mode"
|
|
.Ft int
|
|
.Fn genfs_can_chown "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \
|
|
"gid_t cur_gid" "uid_t new_uid" "gid_t new_gid"
|
|
.Ft int
|
|
.Fn genfs_can_chtimes "vnode_t *vp" "kauth_cred_t cred" "uid_t owner_uid" \
|
|
"u_int vaflags"
|
|
.Ft int
|
|
.Fn genfs_can_extattr "vnode_t *vp" "kauth_cred_t cred" "accmode_t accmode" \
|
|
"int attrnamespace"
|
|
.Ft int
|
|
.Fn genfs_can_sticky "vnode_t *vp" "kauth_cred_t cred" "uid_t dir_uid" \
|
|
"uid_t file_uid"
|
|
.Sh DESCRIPTION
|
|
The functions documented here are general routines for internal use in
|
|
file systems to implement common policies for performing various operations.
|
|
The developer must understand that these routines implement no system-wide
|
|
policies and only take into account the object being accessed and the
|
|
nominal values of the credentials accessing it.
|
|
.Pp
|
|
In other words, these functions are not meant to be called directly.
|
|
They are intended to be used in
|
|
.Xr kauth 9
|
|
vnode scope authorization calls, for providing the fall-back file system
|
|
decision.
|
|
.Pp
|
|
As a rule of thumb, code that looks like this is wrong:
|
|
.Bd -literal -offset indent
|
|
error = genfs_can_foo(...); /* WRONG */
|
|
.Ed
|
|
.Pp
|
|
While code that looks like this is right:
|
|
.Bd -literal -offset indent
|
|
error = kauth_authorize_vnode(..., genfs_can_foo(...));
|
|
.Ed
|
|
.Sh FUNCTIONS
|
|
.Bl -tag -width compact
|
|
.It Fn genfs_can_chflags "vnode_t *vp" "kauth_cred_t cred"
|
|
"uid_t owner_uid" "bool changing_sysflags"
|
|
Implements
|
|
.Xr chflags 2
|
|
policy.
|
|
.It Fn genfs_can_chmod "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \
|
|
"gid_t cur_gid" "mode_t new_mode"
|
|
Implements
|
|
.Xr chmod 2
|
|
policy.
|
|
.It Fn genfs_can_chown "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \
|
|
"gid_t cur_gid" "uid_t new_uid" "gid_t new_gid"
|
|
Implements
|
|
.Xr chown 2
|
|
policy.
|
|
.It Fn genfs_can_chtimes "vnode_t *vp" "kauth_cred_t cred" "uid_t owner_uid" \
|
|
"u_int vaflags"
|
|
Implements
|
|
.Xr utimes 2
|
|
policy.
|
|
.It Fn genfs_can_extattr "vnode_t *vp" "kauth_cred_t cred" "accmode_t accmode" \
|
|
"int attrnamespace"
|
|
Implements extended attributes access policy.
|
|
.It Fn genfs_can_sticky "vnode_t *vp" "kauth_cred_t cred" "uid_t dir_uid" \
|
|
"uid_t file_uid"
|
|
Implements rename and delete policy from sticky directories.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr genfs_can_access 9 ,
|
|
.Xr genfs_can_access_acl_nfs4 9 ,
|
|
.Xr genfs_can_access_acl_posix1e 9 ,
|
|
.Xr genfs_rename 9 ,
|
|
.Xr kauth 9
|
|
.Sh AUTHORS
|
|
.An Elad Efrat Aq Mt elad@NetBSD.org
|
|
wrote this manual page.
|