diff options
| author | Richard W.M. Jones <rjones@redhat.com> | 2012-11-22 14:49:54 +0000 |
|---|---|---|
| committer | Richard W.M. Jones <rjones@redhat.com> | 2012-11-22 16:19:21 +0000 |
| commit | 218b39acae324955b089dcfc191b0270b6bafb62 (patch) | |
| tree | e688599c48ada8ff10ddca6f404b629e2c4d1ba2 /TODO | |
| parent | 784e53287e18c324dda9c4cc93b9aae4790eb909 (diff) | |
| download | libguestfs-218b39acae324955b089dcfc191b0270b6bafb62.tar.gz libguestfs-218b39acae324955b089dcfc191b0270b6bafb62.tar.xz libguestfs-218b39acae324955b089dcfc191b0270b6bafb62.zip | |
New APIs: Implement POSIX ACLs.
This adds the following new APIs:
- acl_get_file
- acl_set_file
- acl_delete_def_file
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 17 |
1 files changed, 4 insertions, 13 deletions
@@ -588,20 +588,11 @@ is very poorly designed and essentially impossible for us to use: particularly if we also want to maintain backwards compatibility with Ruby 1.8, and/or maintain volatile VALUEs on the stack. -ACLs and capabilities ---------------------- - -We need to model both filesystem ACLs and filesystem capabilities -through the API. This is particularly important in order to be able -to implement SCAP. - -ACLs can be read and written using the acl(5) library and the -functions like acl_set_file(3) etc. +Filesystem capabilities +----------------------- -Setting the ACL on a file sets the extended attribute -'system.posix_acl_access' to a binary blob. The kernel has a whole -bunch of complex code that seems to interpret these -(linux/fs/posix_acl.c). +We need to model filesystem capabilities through the API. This is +particularly important in order to be able to implement SCAP. Filesystem capabilities can be read and written using the libcap(3) library and functions like cap_get_file, cap_set_file. |