diff options
Diffstat (limited to 'static/netbsd/man9/genfs.9')
| -rw-r--r-- | static/netbsd/man9/genfs.9 | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/static/netbsd/man9/genfs.9 b/static/netbsd/man9/genfs.9 new file mode 100644 index 00000000..3de54d45 --- /dev/null +++ b/static/netbsd/man9/genfs.9 @@ -0,0 +1,114 @@ +.\" $NetBSD: genfs.9,v 1.8 2022/01/17 22:27:20 wiz Exp $ +.\" +.\" Copyright 2012 Elad Efrat <elad@NetBSD.org> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd January 17, 2022 +.Dt GENFS 9 +.Os +.Sh NAME +.Nm genfs +.Nd genfs routines +.Sh SYNOPSIS +.In miscfs/genfs/genfs.h +.Ft int +.Fn genfs_can_chflags "vnode_t *vp" kauth_cred_t cred" "uid_t owner_uid" \ +"bool changing_sysflags" +.Ft int +.Fn genfs_can_chmod "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \ +"gid_t cur_gid" "mode_t new_mode" +.Ft int +.Fn genfs_can_chown "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \ + "gid_t cur_gid" "uid_t new_uid" "gid_t new_gid" +.Ft int +.Fn genfs_can_chtimes "vnode_t *vp" "kauth_cred_t cred" "uid_t owner_uid" \ +"u_int vaflags" +.Ft int +.Fn genfs_can_extattr "vnode_t *vp" "kauth_cred_t cred" "accmode_t accmode" \ +"int attrnamespace" +.Ft int +.Fn genfs_can_sticky "vnode_t *vp" "kauth_cred_t cred" "uid_t dir_uid" \ + "uid_t file_uid" +.Sh DESCRIPTION +The functions documented here are general routines for internal use in +file systems to implement common policies for performing various operations. +The developer must understand that these routines implement no system-wide +policies and only take into account the object being accessed and the +nominal values of the credentials accessing it. +.Pp +In other words, these functions are not meant to be called directly. +They are intended to be used in +.Xr kauth 9 +vnode scope authorization calls, for providing the fall-back file system +decision. +.Pp +As a rule of thumb, code that looks like this is wrong: +.Bd -literal -offset indent +error = genfs_can_foo(...); /* WRONG */ +.Ed +.Pp +While code that looks like this is right: +.Bd -literal -offset indent +error = kauth_authorize_vnode(..., genfs_can_foo(...)); +.Ed +.Sh FUNCTIONS +.Bl -tag -width compact +.It Fn genfs_can_chflags "vnode_t *vp" "kauth_cred_t cred" +"uid_t owner_uid" "bool changing_sysflags" +Implements +.Xr chflags 2 +policy. +.It Fn genfs_can_chmod "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \ +"gid_t cur_gid" "mode_t new_mode" +Implements +.Xr chmod 2 +policy. +.It Fn genfs_can_chown "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \ +"gid_t cur_gid" "uid_t new_uid" "gid_t new_gid" +Implements +.Xr chown 2 +policy. +.It Fn genfs_can_chtimes "vnode_t *vp" "kauth_cred_t cred" "uid_t owner_uid" \ +"u_int vaflags" +Implements +.Xr utimes 2 +policy. +.It Fn genfs_can_extattr "vnode_t *vp" "kauth_cred_t cred" "accmode_t accmode" \ +"int attrnamespace" +Implements extended attributes access policy. +.It Fn genfs_can_sticky "vnode_t *vp" "kauth_cred_t cred" "uid_t dir_uid" \ +"uid_t file_uid" +Implements rename and delete policy from sticky directories. +.El +.Sh SEE ALSO +.Xr genfs_can_access 9 , +.Xr genfs_can_access_acl_nfs4 9 , +.Xr genfs_can_access_acl_posix1e 9 , +.Xr genfs_rename 9 , +.Xr kauth 9 +.Sh AUTHORS +.An Elad Efrat Aq Mt elad@NetBSD.org +wrote this manual page. |