HardenedBSD/sys/conf/options
Robert Watson a70f27470f Introduce support for POSIX.1e ACLs on UFS-based file systems. This
implementation is still experimental, and while fairly broadly tested,
is not yet intended for production use.  Support for POSIX.1e ACLs on
UFS will not be MFC'd to RELENG_4.

This implementation works by providing implementations of VOP_[GS]ETACL()
for FFS, as well as modifying the appropriate access control and file
creation routines.  In this implementation, ACLs are backed into extended
attributes; the base ACL (owner, group, other) permissions remain in the
inode for performance and compatibility reasons, so only the extended and
default ACLs are placed in extended attributes.  The logic for ACL
evaluation is provided by the fs-independent kern/kern_acl.c.

o Introduce UFS_ACL, a compile-time configuration option that enables
  support for ACLs on FFS (and potentially other UFS-based file systems).
o Introduce ufs_getacl(), ufs_setacl(), ufs_aclcheck(), which
  respectively get, set, and check the ACLs on the passed vnode.
o Introduce ufs_sync_acl_from_inode(), ufs_sync_inode_from_acl() to
  maintain access control information between inode permissions and
  extended attribute data.
o Modify ufs_access() to load a file access ACL and invoke
  vaccess_acl_posix1e() if ACLs are available on the file system
o Modify ufs_mkdir() and ufs_makeinode() to associate ACLs with newly
  created directories and files, inheriting from the parent directory's
  default ACL.
o Enable these new vnode operations and conditionally compiled code
  paths if UFS_ACL is defined.

A few notes:

o This implementation is fairly widely tested, but still should be
  considered experimental.
o Currently, ACLs are not exported via NFS, instead, the summarizing
  file mode/etc from the inode is.  This results in conservative
  protection behavior, similar to the behavior of ACL-nonaware programs
  acting locally.
o It is possible that underlying binary data formats associated with
  this implementation may change.  Consumers of the implementation
  should expect to find their local configuration obsoleted in the
  next few months, resulting in possible loss of ACL data during an
  upgrade.
o The extended attributes interface and implementation is still
  undergoing modification to address portable interface concerns, as
  well as performance.
o Many applications do not yet correctly handle ACLs.  In general,
  due to the POSIX.1e ACL model, behavior of ACL-unaware applications
  will be conservative with respects to file protection; some caution
  is recommended.
o Instructions for configuring and maintaining ACLs on UFS will be
  committed in the near future; in the mean time it is possible to
  reference the README included in the last UFS ACL distribution
  placed in the TrustedBSD web site:

      http://www.TrustedBSD.org/downloads/

Substantial debugging, hardware, travel, or connectivity support for this
project was provided by: BSDi, Safeport Network Services, and NAI Labs.
Significant coding contributions were made by Chris Faulhaber.  Additional
support was provided by Brian Feldman, Thomas Moestl, and Ilmar Habibulin.

Reviewed by:	jedgar, keichii, mckusick, trustedbsd-discuss, freebsd-fs
Obtained from:	TrustedBSD Project
2001-03-26 17:53:19 +00:00

509 lines
13 KiB
Plaintext

# $FreeBSD$
#
# On the handling of kernel options
#
# All kernel options should be listed in LINT, with suitable
# descriptions. Negative options (options that make some code not
# compile) should be commented out; LINT should compile as much code
# as possible. Try to structure option-using code so that a single
# option only switch code on, or only switch code off, to make it
# possible to have a full compile-test. If necessary, you can check
# for COMPILING_LINT to get maximum code coverage.
#
# All new options shall also be listed in either "conf/options" or
# "<machine>/conf/options.<machine>". Options that affect a single
# source-file <xxx>.[c|s] should be directed into "opt_<xxx>.h", while
# options that affect multiple files should either go in
# "opt_global.h" if this is a kernel-wide option (used just about
# everywhere), or in "opt_<option-name-in-lower-case>.h" if it affect
# only some files. Note that the effect of listing only an option
# without a header-file-name in conf/options (and cousins) is that the
# last convention is followed.
#
# This handling scheme is not yet fully implemented.
#
#
# Format of this file:
# Option name filename
#
# If filename is missing, the default is
# opt_<name-of-option-in-lower-case>.h
# Adaptec Array Controller driver options
AAC_COMPAT_LINUX opt_acc.h # Enable the linux ioctl interface
AAC_DEBUG opt_aac.h # Debugging levels:
# 0 - quiet, only emit warnings
# 1 - noisy, emit major function
# points and things done
# 2 - extremely noisy, emit trace
# items in loops, etc.
# Adaptec aic7xxx SCSI controller options
AHC_ALLOW_MEMIO opt_aic7xxx.h # Allow PCI devices to use memory
# mapped I/O
AHC_TMODE_ENABLE opt_aic7xxx.h # Bitmap of units to enable
# targetmode operations.
AHC_DUMP_EEPROM opt_aic7xxx.h # Dump the contents of our
# configuration prom.
AHC_DEBUG_SEQUENCER opt_aic7xxx.h # Enable diagnostic sequencer code
ADW_ALLOW_MEMIO opt_adw.h # Allow PCI devices to use memory
# mapped I/O
# Miscellaneous options.
COMPAT_43 opt_compat.h
COMPAT_SUNOS opt_compat.h
COMPILING_LINT opt_global.h
CY_PCI_FASTINTR
DDB
DDB_UNATTENDED opt_ddb.h
GDB_REMOTE_CHAT opt_ddb.h
DEVFS
HW_WDOG
KTRACE
MD_ROOT opt_md.h
MD_ROOT_SIZE opt_md.h
MFS_ROOT opt_mfs.h
MFS_ROOT_SIZE opt_mfs.h
NTIMECOUNTER opt_ntp.h
NSWAPDEV opt_swap.h
PPS_SYNC opt_ntp.h
QUOTA
SPX_HACK
SUIDDIR opt_suiddir.h
SYSVMSG opt_sysvipc.h
SYSVSEM opt_sysvipc.h
SYSVSHM opt_sysvipc.h
SHMALL opt_sysvipc.h
SHMMAX opt_sysvipc.h
SHMMAXPGS opt_sysvipc.h
SHMMIN opt_sysvipc.h
SHMMNI opt_sysvipc.h
SHMSEG opt_sysvipc.h
SEMMAP opt_sysvipc.h
SEMMNI opt_sysvipc.h
SEMMNS opt_sysvipc.h
SEMMNU opt_sysvipc.h
SEMMSL opt_sysvipc.h
SEMOPM opt_sysvipc.h
SEMUME opt_sysvipc.h
MSGMNB opt_sysvipc.h
MSGMNI opt_sysvipc.h
MSGSEG opt_sysvipc.h
MSGSSZ opt_sysvipc.h
MSGTQL opt_sysvipc.h
UCONSOLE
VFS_AIO
# POSIX kernel options
P1003_1B opt_posix.h
_KPOSIX_PRIORITY_SCHEDULING opt_posix.h
_KPOSIX_VERSION opt_posix.h
# TrustedBSD and POSIX.1e Kernel Options
CAPABILITIES opt_cap.h
# Do we want the config file compiled into the kernel?
INCLUDE_CONFIG_FILE opt_config.h
# Options for static file systems. These should only be used at config
# time, since the corresponding lkms cannot work if there are any static
# dependencies. Unusability is enforced by hiding the defines for the
# options in a never-included header.
CD9660 opt_dontuse.h
CODA opt_dontuse.h
EXT2FS opt_dontuse.h
FDESC opt_dontuse.h
FFS opt_dontuse.h
IFS opt_dontuse.h
LINPROCFS opt_dontuse.h
MFS opt_dontuse.h
MSDOSFS opt_dontuse.h
NULLFS opt_dontuse.h
NWFS opt_dontuse.h
PORTAL opt_dontuse.h
PROCFS opt_dontuse.h
UMAPFS opt_dontuse.h
NTFS opt_dontuse.h
HPFS opt_dontuse.h
# These static filesystems has one slightly bogus static dependency in
# sys/i386/i386/autoconf.c. If any of these filesystems are
# statically compiled into the kernel, code for mounting them as root
# filesystems will be enabled - but look below.
NFS
# If you are following the conditions in the copyright,
# you can enable soft-updates which will speed up a lot of thigs
# and make the system safer from crashes at the same time.
# otherwise a STUB module will be compiled in.
SOFTUPDATES opt_ffs.h
# Enabling this option turns on support for Access Control Lists in UFS,
# which can be used to support high security configurations. Depends on
# UFS_EXTATTR.
UFS_ACL opt_ufs.h
# Enabling this option turns on support for extended attributes in UFS-based
# file systems, which can be used to support high security configurations
# as well as new file system features.
UFS_EXTATTR opt_ufs.h
UFS_EXTATTR_AUTOSTART opt_ufs.h
# The above static dependencies are planned removed, with a
# <filesystem>_ROOT option to control if it usable as root. This list
# allows these options to be present in config files already (though
# they won't make any difference yet).
NFS_ROOT opt_nfsroot.h
# The union static file system has bogus static dependencies, so it isn't
# hidden yet.
UNION
# Options used only in param.c.
HZ opt_param.h
MAXFILES opt_param.h
MAXUSERS opt_param.h
NBUF opt_param.h
NMBCLUSTERS opt_param.h
NSFBUFS opt_param.h
# Generic SCSI options.
CAM_MAX_HIGHPOWER opt_cam.h
CAMDEBUG opt_cam.h
CAM_DEBUG_DELAY opt_cam.h
CAM_DEBUG_BUS opt_cam.h
CAM_DEBUG_TARGET opt_cam.h
CAM_DEBUG_LUN opt_cam.h
CAM_DEBUG_FLAGS opt_cam.h
SCSI_DELAY opt_scsi.h
SCSI_NO_SENSE_STRINGS opt_scsi.h
SCSI_NO_OP_STRINGS opt_scsi.h
# Options used only in cam/scsi/scsi_cd.c
CHANGER_MIN_BUSY_SECONDS opt_cd.h
CHANGER_MAX_BUSY_SECONDS opt_cd.h
# Options used only in cam/scsi/scsi_sa.c.
SA_SPACE_TIMEOUT opt_sa.h
SA_REWIND_TIMEOUT opt_sa.h
SA_ERASE_TIMEOUT opt_sa.h
SA_1FM_AT_EOD opt_sa.h
# Options used only in cam/scsi/scsi_pt.c
SCSI_PT_DEFAULT_TIMEOUT opt_pt.h
# Options used only in cam/scsi/scsi_ses.c
SES_ENABLE_PASSTHROUGH opt_ses.h
# Options used in dev/sym/ (Symbios SCSI driver).
SYM_SETUP_LP_PROBE_MAP opt_sym.h #-Low Priority Probe Map (bits)
# Allows the ncr to take precedence
# 1 (1<<0) -> 810a, 860
# 2 (1<<1) -> 825a, 875, 885, 895
# 4 (1<<2) -> 895a, 896, 1510d
SYM_SETUP_SCSI_DIFF opt_sym.h #-HVD support for 825a, 875, 885
# disabled:0 (default), enabled:1
SYM_SETUP_PCI_PARITY opt_sym.h #-PCI parity checking
# disabled:0, enabled:1 (default)
SYM_SETUP_MAX_LUN opt_sym.h #-Number of LUNs supported
# default:8, range:[1..64]
# Options used only in pci/ncr.c
SCSI_NCR_DEBUG opt_ncr.h
SCSI_NCR_MAX_SYNC opt_ncr.h
SCSI_NCR_MAX_WIDE opt_ncr.h
SCSI_NCR_MYADDR opt_ncr.h
# Options used only in pci/isp_pci.c
ISP_TARGET_MODE opt_isp.h
# Options used in the 'ata' ATA/ATAPI driver
ACD_DEBUG opt_ata.h
AST_DEBUG opt_ata.h
ATAPI_DEBUG opt_ata.h
ATA_DEBUG opt_ata.h
ATA_STATIC_ID opt_ata.h
DEV_ATADISK opt_ata.h
DEV_ATAPICD opt_ata.h
DEV_ATAPIST opt_ata.h
DEV_ATAPIFD opt_ata.h
# Resource limits.
DFLDSIZ opt_rlimit.h
MAXDSIZ opt_rlimit.h
# Net stuff.
ACCEPT_FILTER_DATA
ACCEPT_FILTER_HTTP
BOOTP opt_bootp.h
BOOTP_COMPAT opt_bootp.h
BOOTP_NFSROOT opt_bootp.h
BOOTP_NFSV3 opt_bootp.h
BOOTP_WIRED_TO opt_bootp.h
BRIDGE opt_bdg.h
ETHER_II opt_ef.h
ETHER_8023 opt_ef.h
ETHER_8022 opt_ef.h
ETHER_SNAP opt_ef.h
MROUTING opt_mrouting.h
INET opt_inet.h
INET6 opt_inet6.h
IPSEC opt_ipsec.h
IPSEC_ESP opt_ipsec.h
IPSEC_DEBUG opt_ipsec.h
IPDIVERT
DUMMYNET opt_ipdn.h
IPFILTER opt_ipfilter.h
IPFILTER_LOG opt_ipfilter.h
IPFILTER_DEFAULT_BLOCK opt_ipfilter.h
PFIL_HOOKS opt_pfil_hooks.h
IPFIREWALL opt_ipfw.h
IPFIREWALL_VERBOSE opt_ipfw.h
IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h
IPFIREWALL_DEFAULT_TO_ACCEPT opt_ipfw.h
IPFIREWALL_FORWARD opt_ipfw.h
IPV6FIREWALL opt_ip6fw.h
IPV6FIREWALL_VERBOSE opt_ip6fw.h
IPV6FIREWALL_VERBOSE_LIMIT opt_ip6fw.h
IPV6FIREWALL_DEFAULT_TO_ACCEPT opt_ip6fw.h
IPSTEALTH
IPX opt_ipx.h
IPXIP opt_ipx.h
IPTUNNEL opt_ipx.h
LIBMCHAIN
NCP opt_ncp.h
NETATALK opt_atalk.h
PPP_BSDCOMP opt_ppp.h
PPP_DEFLATE opt_ppp.h
PPP_FILTER opt_ppp.h
SLIP_IFF_OPTS opt_slip.h
TCP_COMPAT_42 opt_compat.h
TCPDEBUG
TCP_DROP_SYNFIN opt_tcp_input.h
XBONEHACK
# Netgraph(4). Use option NETGRAPH to enable the base netgraph code.
# Each netgraph node type can be either be compiled into the kernel
# or loaded dynamically. To get the former, include the corresponding
# option below. Each type has its own man page, e.g. ng_async(4).
NETGRAPH
NETGRAPH_ASYNC opt_netgraph.h
NETGRAPH_BPF opt_netgraph.h
NETGRAPH_BRIDGE opt_netgraph.h
NETGRAPH_CISCO opt_netgraph.h
NETGRAPH_ECHO opt_netgraph.h
NETGRAPH_ETHER opt_netgraph.h
NETGRAPH_FRAME_RELAY opt_netgraph.h
NETGRAPH_HOLE opt_netgraph.h
NETGRAPH_IFACE opt_netgraph.h
NETGRAPH_KSOCKET opt_netgraph.h
NETGRAPH_LMI opt_netgraph.h
# MPPC compression requires proprietary files (not included)
NETGRAPH_MPPC_COMPRESSION opt_netgraph.h
NETGRAPH_MPPC_ENCRYPTION opt_netgraph.h
NETGRAPH_ONE2MANY opt_netgraph.h
NETGRAPH_PPP opt_netgraph.h
NETGRAPH_PPPOE opt_netgraph.h
NETGRAPH_PPTPGRE opt_netgraph.h
NETGRAPH_RFC1490 opt_netgraph.h
NETGRAPH_SOCKET opt_netgraph.h
NETGRAPH_TEE opt_netgraph.h
NETGRAPH_TTY opt_netgraph.h
NETGRAPH_UI opt_netgraph.h
NETGRAPH_VJC opt_netgraph.h
# ATM (HARP version)
ATM_CORE opt_atm.h
ATM_IP opt_atm.h
ATM_SIGPVC opt_atm.h
ATM_SPANS opt_atm.h
ATM_UNI opt_atm.h
# XXX Conflict: # of devices vs network protocol (Native ATM).
# This makes "atm.h" unusable.
NATM opt_natm.h
DPT_ALLOW_MEMIO opt_dpt.h # Allow PCI devices to use memory
# mapped I/O
# DPT driver debug flags
DPT_MEASURE_PERFORMANCE opt_dpt.h
DPT_HANDLE_TIMEOUTS opt_dpt.h
DPT_TIMEOUT_FACTOR opt_dpt.h
DPT_LOST_IRQ opt_dpt.h
DPT_RESET_HBA opt_dpt.h
# Adaptec ASR and DPT V/VI controller options
ASR_MEASURE_PERFORMANCE opt_asr.h
# Misc debug flags. Most of these should probably be replaced with
# 'DEBUG', and then let people recompile just the interesting modules
# with 'make CC="cc -DDEBUG"'.
CLUSTERDEBUG opt_debug_cluster.h
DEBUG_1284 opt_ppb_1284.h
VP0_DEBUG opt_vpo.h
LPT_DEBUG opt_lpt.h
PLIP_DEBUG opt_plip.h
LOCKF_DEBUG opt_debug_lockf.h
LOUTB opt_debug_outb.h
NPX_DEBUG opt_debug_npx.h
NETATALKDEBUG opt_atalk.h
SI_DEBUG opt_debug_si.h
# Fb options
FB_DEBUG opt_fb.h
FB_INSTALL_CDEV opt_fb.h
# ppbus related options
PERIPH_1284 opt_ppb_1284.h
DONTPROBE_1284 opt_ppb_1284.h
# smbus related options
ENABLE_ALART opt_intpm.h
# These cause changes all over the kernel
BLKDEV_IOSIZE opt_global.h
DEBUG opt_global.h
DEBUG_LOCKS opt_global.h
DEBUG_VFS_LOCKS opt_global.h
DIAGNOSTIC opt_global.h
ENABLE_VFS_IOOPT opt_global.h
INVARIANT_SUPPORT opt_global.h
INVARIANTS opt_global.h
SIMPLELOCK_DEBUG opt_global.h
VFS_BIO_DEBUG opt_global.h
# These are VM related options
VM_KMEM_SIZE opt_vm.h
VM_KMEM_SIZE_SCALE opt_vm.h
VM_KMEM_SIZE_MAX opt_vm.h
NO_SWAPPING opt_vm.h
PQ_NOOPT opt_vmpage.h
PQ_NORMALCACHE opt_vmpage.h
PQ_MEDIUMCACHE opt_vmpage.h
PQ_LARGECACHE opt_vmpage.h
PQ_HUGECACHE opt_vmpage.h
PQ_CACHESIZE opt_vmpage.h
# Standard SMP options
SMP opt_global.h
# sys/netkey
KEY
# Size of the kernel message buffer
MSGBUF_SIZE opt_msgbuf.h
# PCI related options
PCI_QUIET opt_pci.h
# NFS options
NFS_MINATTRTIMO opt_nfs.h
NFS_MAXATTRTIMO opt_nfs.h
NFS_MINDIRATTRTIMO opt_nfs.h
NFS_MAXDIRATTRTIMO opt_nfs.h
NFS_GATHERDELAY opt_nfs.h
NFS_UIDHASHSIZ opt_nfs.h
NFS_WDELAYHASHSIZ opt_nfs.h
NFS_MUIDHASHSIZ opt_nfs.h
NFS_NOSERVER opt_nfs.h
NFS_DEBUG opt_nfs.h
# For the Bt848/Bt848A/Bt849/Bt878/Bt879 driver
OVERRIDE_CARD opt_bktr.h
OVERRIDE_TUNER opt_bktr.h
OVERRIDE_DBX opt_bktr.h
OVERRIDE_MSP opt_bktr.h
BROOKTREE_SYSTEM_DEFAULT opt_bktr.h
BROOKTREE_ALLOC_PAGES opt_bktr.h
BKTR_OVERRIDE_CARD opt_bktr.h
BKTR_OVERRIDE_TUNER opt_bktr.h
BKTR_OVERRIDE_DBX opt_bktr.h
BKTR_OVERRIDE_MSP opt_bktr.h
BKTR_SYSTEM_DEFAULT opt_bktr.h
BKTR_ALLOC_PAGES opt_bktr.h
BKTR_USE_PLL opt_bktr.h
BKTR_GPIO_ACCESS opt_bktr.h
BKTR_NO_MSP_RESET opt_bktr.h
BKTR_430_FX_MODE opt_bktr.h
BKTR_SIS_VIA_MODE opt_bktr.h
# meteor opt_meteor.h
METEOR_ALLOC_PAGES opt_meteor.h
METEOR_TEST_VIDEO opt_meteor.h
METEOR_SYSTEM_DEFAULT opt_meteor.h
METEOR_DEALLOC_PAGES opt_meteor.h
METEOR_DEALLOC_ABOVE opt_meteor.h
# Various mi ISA bus flags
COM_ESP opt_sio.h
COM_MULTIPORT opt_sio.h
BREAK_TO_DEBUGGER opt_comconsole.h
ALT_BREAK_TO_DEBUGGER opt_comconsole.h
DEV_ISA opt_isa.h
# Include tweaks for running under the SimOS machine simulator.
SIMOS opt_simos.h
# options for bus/device framework
BUS_DEBUG opt_bus.h
DEVICE_SYSCTLS opt_bus.h
# options for USB support
UHCI_DEBUG opt_usb.h
OHCI_DEBUG opt_usb.h
USB_DEBUG opt_usb.h
UGEN_DEBUG opt_usb.h
UHID_DEBUG opt_usb.h
UHUB_DEBUG opt_usb.h
UKBD_DEBUG opt_usb.h
ULPT_DEBUG opt_usb.h
UMASS_DEBUG opt_usb.h
UMS_DEBUG opt_usb.h
URIO_DEBUG opt_usb.h
UKBD_DFLT_KEYMAP opt_ukbd.h
# Vinum options
VINUMDEBUG opt_vinum.h
# Embedded system options
INIT_PATH opt_init_path.h
ROOTDEVNAME opt_rootdevname.h
FDC_DEBUG opt_fdc.h
PCFCLOCK_VERBOSE opt_pcfclock.h
PCFCLOCK_MAX_RETRIES opt_pcfclock.h
TDFX_LINUX opt_tdfx.h
KTR opt_global.h
KTR_MASK opt_ktr.h
KTR_CPUMASK opt_ktr.h
KTR_COMPILE opt_global.h
KTR_ENTRIES opt_global.h
KTR_EXTEND opt_global.h
KTR_VERBOSE opt_ktr.h
MUTEX_DEBUG opt_global.h
CV_DEBUG opt_global.h
WITNESS opt_global.h
WITNESS_DDB opt_witness.h
WITNESS_SKIPSPIN opt_witness.h
# options for ACPI support
ACPI_DEBUG opt_acpi.h
AML_DEBUG opt_acpi.h
ACPI_NO_ENABLE_ON_BOOT opt_acpi.h
# options for DEVFS, see sys/fs/devfs/devfs.h
NDEVFSINO opt_devfs.h
NDEVFSOVERFLOW opt_devfs.h
# various 'device presence' options.
DEV_SNP opt_snp.h
DEV_MCA opt_mca.h
DEV_BPF opt_bpf.h