

On modern systems the ACL is part of the per-file metadata. It's a method I'd like to see for ACLs on modern systems.

The use of a user mode daemon to make decisions about whether file access is allowed reminds me of the way TOPS-10 on DEC PDP-10 did access control lists over 40 years ago.

The usermode can either allow or deny the event by replying.

> AUTH means that the system call is blocked (on that condition variable I mentioned about), and the user mode daemon is asked about the generated event: "postgres, pid 999, open() on file /path/file with flags 0x400003" - something like that.

This from that PostgreSQL mailing list link you give is interesting:

> If a signal is caught during the system calls listed below, the call may be forced to terminate with the error EINTR, the call may return with a data transfer shorter than requested, or the call may be restarted. Restart of pending calls is requested by setting the SA_RESTART bit in
>
> The affected system calls include open(2), read(2), write(2), sendto(2), recvfrom(2), sendmsg(2) and recvmsg(2) on a communications channel or a slow device (such as a terminal, but not a regular file) and during a wait(2) or ioctl(2). However, calls that have already committed are not restarted, but instead return a partial success (for example, a

It seems to me like a bug in macOS, since they're going against their own documentation. While open is documented for macOS to be able to return EINTR, the documentation for sigaction seems to specify (in confusing wording) that setting SA_RESTART prevents that.
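An added example, not code from any of the posters: the comments above concern open(2) failing with EINTR where SA_RESTART is documented to restart it, so a caller that cannot rely on the flag retries on EINTR itself, with a bound. The FIFO scenario, the 20 ms timer and the names `open_retry` and `count_eintr_on_fifo` are assumptions made for this demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <unistd.h>

static void on_alarm(int signo) { (void)signo; }  /* only has to interrupt */

/* Retry open(2) while it fails with EINTR, giving up after max_retries
 * EINTR results. *retries reports how many EINTR results were seen. */
int open_retry(const char *path, int flags, int max_retries, int *retries)
{
    int fd;
    *retries = 0;
    while ((fd = open(path, flags)) == -1 && errno == EINTR) {
        if (++*retries >= max_retries)
            break;
    }
    return fd;
}

/* Constructed scenario: opening a FIFO that has no writer blocks, and the
 * handler is installed WITHOUT SA_RESTART, so every timer tick makes open()
 * fail with EINTR. Returns the EINTR count, or -1 if setup failed. */
int count_eintr_on_fifo(int max_retries)
{
    char dir[] = "/tmp/eintr-demo-XXXXXX", path[64];
    struct sigaction sa = {0}, old;
    struct itimerval tick = { {0, 20000}, {0, 20000} }, off = { {0, 0}, {0, 0} };
    int retries = -1, fd;

    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/fifo", dir);
    sa.sa_handler = on_alarm;          /* sa_flags stays 0: no SA_RESTART */
    sigemptyset(&sa.sa_mask);
    if (mkfifo(path, 0600) == 0 && sigaction(SIGALRM, &sa, &old) == 0) {
        setitimer(ITIMER_REAL, &tick, NULL);   /* SIGALRM every 20 ms */
        fd = open_retry(path, O_RDONLY, max_retries, &retries);
        setitimer(ITIMER_REAL, &off, NULL);    /* disarm before restoring */
        sigaction(SIGALRM, &old, NULL);
        if (fd >= 0) close(fd);
    }
    unlink(path);
    rmdir(dir);
    return retries;
}
```

The retry bound matters: an unbounded EINTR loop around a call that is being held by something else never returns control to the caller.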
