Advisory file locks and mandatory file locks are two quite different things

May 7, 2023

On the surface, it sounds like advisory file locks and mandatory file locks are almost the same thing, with only a little change; they're both file locks, you're just changing one word and some small behavior. It's my view that this is a linguistic artifact, an effect of the words we're using, and they are actually very different things that are much further apart than their names make them sound.

Advisory file locks are in effect a form of broadcast interprocess communication (IPC) between vaguely cooperating processes. Processes use 'file locking' to broadcast information about what they're doing (such as reading or modifying a file) and what other processes shouldn't do (such as modify or sometimes read the file). Generally there's a simple system to regulate who can broadcast what sort of messages; for example, in Unix you may need to be able to open a file for writing before you can obtain an exclusive lock on it (i.e., to broadcast your desire that no one else access the file).

By contrast, mandatory file locks are a form of dynamic mandatory access control (MAC) that's applied to other processes. When a process obtains a given sort of mandatory file lock, it actively prohibits other processes from doing certain things to the file while the lock is held (what's prohibited depends on the lock type and the system, but it's common for exclusive locks to prevent both reading and writing and shared locks to prevent writing). Since this is mandatory access control, the other processes don't have to be cooperating ones and they more or less have no say in this. This isn't an accident, it's the entire point of using mandatory locks instead of advisory locks.
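The difference can be seen directly on Linux. The following is an added example, not code from the original post: it uses Python's `fcntl.flock()` to play the roles of two cooperating processes (two separate open file descriptions, which `flock()` treats as independent lock holders) and one bystander that never asks about locks, plus `fcntl.lockf()` to show the "who may broadcast what" rule. The file is a constructed temporary file.

```python
import errno
import fcntl
import os
import tempfile

def _demo_file():
    # Constructed temporary file for the demonstration (removed by the caller).
    fd, path = tempfile.mkstemp(prefix="advisory-lock-demo-")
    os.write(fd, b"original contents\n")
    os.close(fd)
    return path

def advisory_lock_demo():
    """Show that an advisory flock() only informs processes that ask."""
    path = _demo_file()
    results = {}
    # "Process A" takes an exclusive lock, broadcasting "I'm modifying this".
    holder = open(path, "r+b")
    fcntl.flock(holder, fcntl.LOCK_EX)
    # "Process B" cooperates by asking for its own lock first. A second open()
    # is a separate open file description, so flock() treats it as another holder.
    listener = open(path, "r+b")
    try:
        fcntl.flock(listener, fcntl.LOCK_EX | fcntl.LOCK_NB)
        results["cooperating_writer_blocked"] = False
    except OSError as e:
        results["cooperating_writer_blocked"] = e.errno in (errno.EAGAIN, errno.EWOULDBLOCK)
    # "Process C" never calls flock(); the advisory lock has no effect on it.
    # A mandatory lock would have refused this write while A held its lock.
    with open(path, "ab") as bystander:
        bystander.write(b"appended while the exclusive lock was held\n")
    with open(path, "rb") as f:
        results["bystander_write_landed"] = b"appended" in f.read()
    fcntl.flock(holder, fcntl.LOCK_UN)
    listener.close()
    holder.close()
    os.remove(path)
    return results

def write_lock_needs_write_access():
    """fcntl()-style record locks refuse an exclusive (write) lock on a
    descriptor opened read-only with EBADF: the 'who may broadcast what' rule."""
    path = _demo_file()
    try:
        with open(path, "rb") as ro:
            fcntl.lockf(ro, fcntl.LOCK_EX | fcntl.LOCK_NB)
            return False
    except OSError as e:
        return e.errno == errno.EBADF
    finally:
        os.remove(path)
```

The bystander's append succeeds even though an exclusive lock is held, which is exactly what makes the lock advisory rather than mandatory.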

These two quite different things have quite different design needs. They also have very different impacts and effects on the rest of a system. It is hopefully obvious to everyone that there's much less impact from adding another IPC system (or two, if you have multiple forms of locks) than from adding a new dynamic mandatory access control system. A new access control system will affect many other things in your overall system and will likely have interactions all over the place (for example, with your other access control systems).

(My personal view is that your entire set of access control systems need to be designed together in order to be coherent, usable, and not surprising. Especially, adding new MACs after the initial system design is done has historically not given really great results; there are often rough corners and unpleasant surprises. MACs often don't compose together but instead conflict with each other.)
