Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

.\" $NetBSD: genfs.9,v 1.8 2022/01/17 22:27:20 wiz Exp $
.\"
.\" Copyright 2012 Elad Efrat <elad@NetBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd January 17, 2022
.Dt GENFS 9
.Os
.Sh NAME
.Nm genfs
.Nd genfs routines
.Sh SYNOPSIS
.In miscfs/genfs/genfs.h
.Ft int
.Fn genfs_can_chflags "vnode_t *vp" kauth_cred_t cred" "uid_t owner_uid" \
"bool changing_sysflags"
.Ft int
.Fn genfs_can_chmod "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \
"gid_t cur_gid" "mode_t new_mode"
.Ft int
.Fn genfs_can_chown "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \
    "gid_t cur_gid" "uid_t new_uid" "gid_t new_gid"
.Ft int
.Fn genfs_can_chtimes "vnode_t *vp" "kauth_cred_t cred" "uid_t owner_uid" \
"u_int vaflags"
.Ft int
.Fn genfs_can_extattr "vnode_t *vp" "kauth_cred_t cred" "accmode_t accmode" \
"int attrnamespace"
.Ft int
.Fn genfs_can_sticky "vnode_t *vp" "kauth_cred_t cred" "uid_t dir_uid" \
    "uid_t file_uid"
.Sh DESCRIPTION
The functions documented here are general routines for internal use in
file systems to implement common policies for performing various operations.
The developer must understand that these routines implement no system-wide
policies and only take into account the object being accessed and the
nominal values of the credentials accessing it.
.Pp
In other words, these functions are not meant to be called directly.
They are intended to be used in
.Xr kauth 9
vnode scope authorization calls, for providing the fall-back file system
decision.
.Pp
As a rule of thumb, code that looks like this is wrong:
.Bd -literal -offset indent
error = genfs_can_foo(...); /* WRONG */
.Ed
.Pp
While code that looks like this is right:
.Bd -literal -offset indent
error = kauth_authorize_vnode(..., genfs_can_foo(...));
.Ed
.Sh FUNCTIONS
.Bl -tag -width compact
.It Fn genfs_can_chflags "vnode_t *vp" "kauth_cred_t cred"
"uid_t owner_uid" "bool changing_sysflags"
Implements
.Xr chflags 2
policy.
.It Fn genfs_can_chmod "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \
"gid_t cur_gid" "mode_t new_mode"
Implements
.Xr chmod 2
policy.
.It Fn genfs_can_chown "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \
"gid_t cur_gid" "uid_t new_uid" "gid_t new_gid"
Implements
.Xr chown 2
policy.
.It Fn genfs_can_chtimes "vnode_t *vp" "kauth_cred_t cred" "uid_t owner_uid" \
"u_int vaflags"
Implements
.Xr utimes 2
policy.
.It Fn genfs_can_extattr "vnode_t *vp" "kauth_cred_t cred" "accmode_t accmode" \
"int attrnamespace"
Implements extended attributes access policy.
.It Fn genfs_can_sticky "vnode_t *vp" "kauth_cred_t cred" "uid_t dir_uid" \
"uid_t file_uid"
Implements rename and delete policy from sticky directories.
.El
.Sh SEE ALSO
.Xr genfs_can_access 9 ,
.Xr genfs_can_access_acl_nfs4 9 ,
.Xr genfs_can_access_acl_posix1e 9 ,
.Xr genfs_rename 9 ,
.Xr kauth 9
.Sh AUTHORS
.An Elad Efrat Aq Mt elad@NetBSD.org
wrote this manual page.