Updated: 2022/Sep/29

Please read Privacy Policy. It's for your privacy.


GENFS(9)                   Kernel Developer's Manual                  GENFS(9)

NAME
     genfs - genfs routines

SYNOPSIS
     #include <miscfs/genfs/genfs.h>

     int
     genfs_can_chflags(vnode_t *vp, kauth_cred_t, cred", uid_t owner_uid,
         bool changing_sysflags);

     int
     genfs_can_chmod(vnode_t *vp, kauth_cred_t cred, uid_t cur_uid,
         gid_t cur_gid, mode_t new_mode);

     int
     genfs_can_chown(vnode_t *vp, kauth_cred_t cred, uid_t cur_uid,
         gid_t cur_gid, uid_t new_uid, gid_t new_gid);

     int
     genfs_can_chtimes(vnode_t *vp, kauth_cred_t cred, uid_t owner_uid,
         u_int vaflags);

     int
     genfs_can_extattr(vnode_t *vp, kauth_cred_t cred, accmode_t accmode,
         int attrnamespace);

     int
     genfs_can_sticky(vnode_t *vp, kauth_cred_t cred, uid_t dir_uid,
         uid_t file_uid);

DESCRIPTION
     The functions documented here are general routines for internal use in
     file systems to implement common policies for performing various
     operations.  The developer must understand that these routines implement
     no system-wide policies and only take into account the object being
     accessed and the nominal values of the credentials accessing it.

     In other words, these functions are not meant to be called directly.
     They are intended to be used in kauth(9) vnode scope authorization calls,
     for providing the fall-back file system decision.

     As a rule of thumb, code that looks like this is wrong:

           error = genfs_can_foo(...); /* WRONG */

     While code that looks like this is right:

           error = kauth_authorize_vnode(..., genfs_can_foo(...));

FUNCTIONS
     genfs_can_chflags(vnode_t *vp, kauth_cred_t cred)
              "uid_t owner_uid" "bool changing_sysflags" Implements chflags(2)
              policy.

     genfs_can_chmod(vnode_t *vp, kauth_cred_t cred, uid_t cur_uid, gid_t
              cur_gid, mode_t new_mode)
              Implements chmod(2) policy.

     genfs_can_chown(vnode_t *vp, kauth_cred_t cred, uid_t cur_uid, gid_t
              cur_gid, uid_t new_uid, gid_t new_gid)
              Implements chown(2) policy.

     genfs_can_chtimes(vnode_t *vp, kauth_cred_t cred, uid_t owner_uid, u_int
              vaflags)
              Implements utimes(2) policy.

     genfs_can_extattr(vnode_t *vp, kauth_cred_t cred, accmode_t accmode, int
              attrnamespace)
              Implements extended attributes access policy.

     genfs_can_sticky(vnode_t *vp, kauth_cred_t cred, uid_t dir_uid, uid_t
              file_uid)
              Implements rename and delete policy from sticky directories.

SEE ALSO
     genfs_can_access(9), genfs_can_access_acl_nfs4(9),
     genfs_can_access_acl_posix1e(9), genfs_rename(9), kauth(9)

AUTHORS
     Elad Efrat <elad@NetBSD.org> wrote this manual page.

NetBSD 10.99                   January 17, 2022                   NetBSD 10.99