> Linus' opinion on "what goes into the kernel and what doesn't" is
> that what CAN be done in userspace, should go in userspace.
>
Are we sure that's exactly it ? That way lies _microkernel_.

Linus has said (wrt java binary execution support): "I don't see why
people ... seem to think that all problems go away just by hiding them in
userspace."

Also: "Finally, do not try to hide everything out of the kernel. That is
madness, [explains why]".

Wouldn't it be "What can be done in userspace without unacceptable
degradation of {performance|security|stability} should go in userspace" ?
Or some such criterion ?

> MOST users won't want this undelete stuff. If they DO, then they
> should configure the extra libc-with-undelete.whatever.
>
Shouldn't that read "MOST users _experienced_enough_...". Remember, Linux
is an O/S for the masses, the objective is "World Domination Fast" :-),
most people still think deleting a file is reversible and some still put
typos in rm commands.

> That libc should also provide a symbol called for example
> "real_unlink" to use the system call....
But that is bad. By including an overloaded unlink in the libc you impose
the solution on everyone, which you said you don't want to do. I don't
think that undeleting can be done well without adding some kind of state
in the filesystem. Examples:

1. The user rm's something in the directory /.wastebasket you
   proposed. Does it go in /.wastebasket/.wastebasket ? If not, what
   if he typed "rm /.wastebasket/* .c" instead of
   "rm /.wastebasket/*.c" ?
2. You delete everything on a mounted nfs partition from your solaris
   machine which does not support undeleting. Does your /.wastebasket
   fill up with 3 GB of archived usenet crud ? Or is .wastebasket a
   per partition directory like lost+found ?
3. What happens when you run expire on a newsfeed machine ? What
   happens to the spool partition of vger when it is running
   Linux ? What happens to the temp files gcc creates ? You have to
   link inn and zmailer and sendmail and gcc and uucp and [add
   your special program which has a morbid fascination for creating
   and immediately deleting an enormous amount of files] with another
   kind of libc or modify them to use real_unlink ?

Or you avoid all this and you make it a per partition configurable option,
avoiding it like the plague in /tmp, /var/spool and configuring it on
/home ?

I am sure there are plenty of clever solutions which can be implemented
with minimal overhead in the ext2 filesystem, (maybe making it
configurable: CONFIG_EXT2_UNDELETE) and a suite of user programs for the
management of deleted but not purged files.

Also important is the respect of quotas and permissions.

Sadly I don't know enough about filesystems to implement a stupid solution
so a clever solution is way beyond me, thus on this argument I shut up.

Greetings
Luca Lizzeri
ll@niche.telnetwork.it
lizzeri@mbox.vol.it
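
Added example, not part of the original message or of any real libc: a sketch in C of the decision a userspace unlink wrapper would have to make for the three numbered cases above. The name `unlink_policy`, the exclusion list and the one-answer-per-case choices are assumptions made for illustration; the message leaves those questions open.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum action { REAL_UNLINK, MOVE_TO_TRASH };

/* Assumed policy values: the directory name comes from the thread, the
 * exclusion list from the "/tmp, /var/spool" suggestion in the message. */
static const char *TRASH = "/.wastebasket";
static const char *const NO_UNDELETE[] = { "/tmp", "/var/spool", NULL };

/* True if path is dir itself or lies below it; "/tmpfoo" is not under "/tmp". */
static int is_under(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    return strncmp(path, dir, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* path must be absolute and canonical (e.g. from realpath(3)); file_dev and
 * trash_dev are the st_dev values of the file and of the trash directory. */
enum action unlink_policy(const char *path, dev_t file_dev, dev_t trash_dev)
{
    size_t i;

    if (path[0] != '/')
        return REAL_UNLINK;      /* not canonical: do not guess */
    if (is_under(path, TRASH))
        return REAL_UNLINK;      /* case 1: no /.wastebasket/.wastebasket */
    if (file_dev != trash_dev)
        return REAL_UNLINK;      /* case 2: rename(2) gives EXDEV; no bulk copy */
    for (i = 0; NO_UNDELETE[i] != NULL; i++)
        if (is_under(path, NO_UNDELETE[i]))
            return REAL_UNLINK;  /* case 3: spool and temp-file churn */
    return MOVE_TO_TRASH;
}

int main(void)
{
    /* Constructed sample paths; device numbers 1 and 2 are made up. */
    const char *p[] = { "/home/ll/main.c", "/.wastebasket/old.c",
                        "/tmp/cc001.s", "/tmpfoo/notes", "/var/spool/news/42" };
    size_t i;

    for (i = 0; i < sizeof p / sizeof p[0]; i++)
        printf("%-22s %s\n", p[i],
               unlink_policy(p[i], 1, 1) == MOVE_TO_TRASH ? "trash" : "unlink");
    printf("%-22s %s\n", "/mnt/nfs/news/1",
           unlink_policy("/mnt/nfs/news/1", 2, 1) == MOVE_TO_TRASH ? "trash" : "unlink");
    return 0;
}
```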