diff for duplicates of <1502464329.5352.1.camel@primarydata.com> diff --git a/a/1.txt b/N1/1.txt index 08a5df6..f4f9126 100644 --- a/a/1.txt +++ b/N1/1.txt 
@@ -1,47 +1,32 @@ -On Fri, 2017-08-11 at 10:22 -0400, Jeff Layton wrote: -> I think I wasn't clear here. I'm not proposing that you move everyone -> to -> KEYRING: credcaches. This would not be a visible change to userland. -> We'd still use rpc.gssd to upcall for creds. -> -> What I'm saying is that instead of storing the creds in a hashtable -> like -> we do today, we'd just stash them in one of the keyrings hanging off -> of -> struct cred. -> -> Change all of the authgss_ops operations to do query/store from the -> appropriate keyring directly. With that, the effective lifetime of -> GSSAPI creds would be bounded by the lifetime of the keyrings that -> hold -> references to it. -> -> We'd probably need a new key_type for this to ensure that this -> couldn't -> be manipulated directly from userland. Or...maybe you'd still want to -> allow userland to destroy the creds? No need for a new syscall with -> that -> -- they can just do a "keyctl unlink". There are a lot of options -> here. -> -> It's a non-trivial amount of work though (rpcauth_lookupcred() on -> down -> would probably need to be reworked) and I haven't looked at it -> detail. -> Still, it seems like it could be a more modern and cleaner design -> than -> what we have today. -> - -The main annoyance with going from a global to a local cache such as -the keyrings is that it makes comparing credentials a lot more work. -Today, because the credentials are essentially unique per server, we -just do pointer comparisons. Once we have non-global caches, we would -need to do more elaborate comparisons to ensure that the uid, gid, and -list of groups match. -That's also why we never made the leap to using 'struct cred', btw... 
- --- -Trond Myklebust -Linux NFS client maintainer, PrimaryData -trond.myklebust@primarydata.com +T24gRnJpLCAyMDE3LTA4LTExIGF0IDEwOjIyIC0wNDAwLCBKZWZmIExheXRvbiB3cm90ZToNCj4g +SSB0aGluayBJIHdhc24ndCBjbGVhciBoZXJlLiBJJ20gbm90IHByb3Bvc2luZyB0aGF0IHlvdSBt +b3ZlIGV2ZXJ5b25lDQo+IHRvDQo+IEtFWVJJTkc6IGNyZWRjYWNoZXMuIFRoaXMgd291bGQgbm90 +IGJlIGEgdmlzaWJsZSBjaGFuZ2UgdG8gdXNlcmxhbmQuDQo+IFdlJ2Qgc3RpbGwgdXNlIHJwYy5n +c3NkIHRvIHVwY2FsbCBmb3IgY3JlZHMuDQo+IA0KPiBXaGF0IEknbSBzYXlpbmcgaXMgdGhhdCBp +bnN0ZWFkIG9mIHN0b3JpbmcgdGhlIGNyZWRzIGluIGEgaGFzaHRhYmxlDQo+IGxpa2UNCj4gd2Ug +ZG8gdG9kYXksIHdlJ2QganVzdCBzdGFzaCB0aGVtIGluIG9uZSBvZiB0aGUga2V5cmluZ3MgaGFu +Z2luZyBvZmYNCj4gb2YNCj4gc3RydWN0IGNyZWQuDQo+IA0KPiBDaGFuZ2UgYWxsIG9mIHRoZSBh +dXRoZ3NzX29wcyBvcGVyYXRpb25zIHRvIGRvIHF1ZXJ5L3N0b3JlIGZyb20gdGhlDQo+IGFwcHJv +cHJpYXRlIGtleXJpbmcgZGlyZWN0bHkuIFdpdGggdGhhdCwgdGhlIGVmZmVjdGl2ZSBsaWZldGlt +ZSBvZg0KPiBHU1NBUEkgY3JlZHMgd291bGQgYmUgYm91bmRlZCBieSB0aGUgbGlmZXRpbWUgb2Yg +dGhlIGtleXJpbmdzIHRoYXQNCj4gaG9sZA0KPiByZWZlcmVuY2VzIHRvIGl0Lg0KPiANCj4gV2Un +ZCBwcm9iYWJseSBuZWVkIGEgbmV3IGtleV90eXBlIGZvciB0aGlzIHRvIGVuc3VyZSB0aGF0IHRo +aXMNCj4gY291bGRuJ3QNCj4gYmUgbWFuaXB1bGF0ZWQgZGlyZWN0bHkgZnJvbSB1c2VybGFuZC4g +T3IuLi5tYXliZSB5b3UnZCBzdGlsbCB3YW50IHRvDQo+IGFsbG93IHVzZXJsYW5kIHRvIGRlc3Ry +b3kgdGhlIGNyZWRzPyBObyBuZWVkIGZvciBhIG5ldyBzeXNjYWxsIHdpdGgNCj4gdGhhdA0KPiAt +LSB0aGV5IGNhbiBqdXN0IGRvIGEgImtleWN0bCB1bmxpbmsiLiBUaGVyZSBhcmUgYSBsb3Qgb2Yg +b3B0aW9ucw0KPiBoZXJlLg0KPiANCj4gSXQncyBhIG5vbi10cml2aWFsIGFtb3VudCBvZiB3b3Jr +IHRob3VnaCAocnBjYXV0aF9sb29rdXBjcmVkKCkgb24NCj4gZG93bg0KPiB3b3VsZCBwcm9iYWJs +eSBuZWVkIHRvIGJlIHJld29ya2VkKSBhbmQgSSBoYXZlbid0IGxvb2tlZCBhdCBpdA0KPiBkZXRh +aWwuDQo+IFN0aWxsLCBpdCBzZWVtcyBsaWtlIGl0IGNvdWxkIGJlIGEgbW9yZSBtb2Rlcm4gYW5k +IGNsZWFuZXIgZGVzaWduDQo+IHRoYW4NCj4gd2hhdCB3ZSBoYXZlIHRvZGF5Lg0KPiANCg0KVGhl +IG1haW4gYW5ub3lhbmNlIHdpdGggZ29pbmcgZnJvbSBhIGdsb2JhbCB0byBhIGxvY2FsIGNhY2hl +IHN1Y2ggYXMNCnRoZSBrZXlyaW5ncyBpcyB0aGF0IGl0IG1ha2VzIGNvbXBhcmluZyBjcmVkZW50 
+aWFscyBhIGxvdCBtb3JlIHdvcmsuDQpUb2RheSwgYmVjYXVzZSB0aGUgY3JlZGVudGlhbHMgYXJl +IGVzc2VudGlhbGx5IHVuaXF1ZSBwZXIgc2VydmVyLCB3ZQ0KanVzdCBkbyBwb2ludGVyIGNvbXBh +cmlzb25zLiBPbmNlIHdlIGhhdmUgbm9uLWdsb2JhbCBjYWNoZXMsIHdlIHdvdWxkDQpuZWVkIHRv +IGRvIG1vcmUgZWxhYm9yYXRlIGNvbXBhcmlzb25zIHRvIGVuc3VyZSB0aGF0IHRoZSB1aWQsIGdp +ZCwgYW5kDQpsaXN0IG9mIGdyb3VwcyBtYXRjaC4NClRoYXQncyBhbHNvIHdoeSB3ZSBuZXZlciBt +YWRlIHRoZSBsZWFwIHRvIHVzaW5nICdzdHJ1Y3QgY3JlZCcsIGJ0dy4uLg0KDQotLSANClRyb25k +IE15a2xlYnVzdA0KTGludXggTkZTIGNsaWVudCBtYWludGFpbmVyLCBQcmltYXJ5RGF0YQ0KdHJv +bmQubXlrbGVidXN0QHByaW1hcnlkYXRhLmNvbQ0K diff --git a/a/content_digest b/N1/content_digest index 616d36d..56067c6 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -5,65 +5,49 @@ "ref\01502450305.4950.4.camel@redhat.com\0" "ref\0E127503D-3DFC-4FD3-99F6-012D100C168B@netapp.com\0" "ref\01502461341.4762.1.camel@redhat.com\0" - "ref\01502461341.4762.1.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org\0" - "From\0Trond Myklebust <trondmy-7I+n7zu2hftEKMMhf/gKZA@public.gmane.org>\0" + "From\0Trond Myklebust <trondmy@primarydata.com>\0" "Subject\0Re: [RFC 1/1] destroy_creds.2: new page documenting destroy_creds()\0" "Date\0Fri, 11 Aug 2017 15:12:13 +0000\0" - "To\0jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>" - " kolga-HgOvQuBEEgTQT0dZR+AlfA@public.gmane.org <kolga-HgOvQuBEEgTQT0dZR+AlfA@public.gmane.org>\0" - "Cc\0dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>" - neilb-IBi9RG/b67k@public.gmane.org <neilb-IBi9RG/b67k@public.gmane.org> - linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org <linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> - linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> - " linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org <linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>\0" + "To\0jlayton@redhat.com <jlayton@redhat.com>" + " kolga@netapp.com <kolga@netapp.com>\0" + "Cc\0dhowells@redhat.com <dhowells@redhat.com>" + neilb@suse.com <neilb@suse.com> + linux-nfs@vger.kernel.org <linux-nfs@vger.kernel.org> + linux-api@vger.kernel.org <linux-api@vger.kernel.org> + " linux-fsdevel@vger.kernel.org <linux-fsdevel@vger.kernel.org>\0" "\00:1\0" "b\0" - "On Fri, 2017-08-11 at 10:22 -0400, Jeff Layton wrote:\n" - "> I think I wasn't clear here. I'm not proposing that you move everyone\n" - "> to\n" - "> KEYRING: credcaches. 
This would not be a visible change to userland.\n" - "> We'd still use rpc.gssd to upcall for creds.\n" - "> \n" - "> What I'm saying is that instead of storing the creds in a hashtable\n" - "> like\n" - "> we do today, we'd just stash them in one of the keyrings hanging off\n" - "> of\n" - "> struct cred.\n" - "> \n" - "> Change all of the authgss_ops operations to do query/store from the\n" - "> appropriate keyring directly. With that, the effective lifetime of\n" - "> GSSAPI creds would be bounded by the lifetime of the keyrings that\n" - "> hold\n" - "> references to it.\n" - "> \n" - "> We'd probably need a new key_type for this to ensure that this\n" - "> couldn't\n" - "> be manipulated directly from userland. Or...maybe you'd still want to\n" - "> allow userland to destroy the creds? No need for a new syscall with\n" - "> that\n" - "> -- they can just do a \"keyctl unlink\". There are a lot of options\n" - "> here.\n" - "> \n" - "> It's a non-trivial amount of work though (rpcauth_lookupcred() on\n" - "> down\n" - "> would probably need to be reworked) and I haven't looked at it\n" - "> detail.\n" - "> Still, it seems like it could be a more modern and cleaner design\n" - "> than\n" - "> what we have today.\n" - "> \n" - "\n" - "The main annoyance with going from a global to a local cache such as\n" - "the keyrings is that it makes comparing credentials a lot more work.\n" - "Today, because the credentials are essentially unique per server, we\n" - "just do pointer comparisons. 
Once we have non-global caches, we would\n" - "need to do more elaborate comparisons to ensure that the uid, gid, and\n" - "list of groups match.\n" - "That's also why we never made the leap to using 'struct cred', btw...\n" - "\n" - "-- \n" - "Trond Myklebust\n" - "Linux NFS client maintainer, PrimaryData\n" - trond.myklebust@primarydata.com + "T24gRnJpLCAyMDE3LTA4LTExIGF0IDEwOjIyIC0wNDAwLCBKZWZmIExheXRvbiB3cm90ZToNCj4g\n" + "SSB0aGluayBJIHdhc24ndCBjbGVhciBoZXJlLiBJJ20gbm90IHByb3Bvc2luZyB0aGF0IHlvdSBt\n" + "b3ZlIGV2ZXJ5b25lDQo+IHRvDQo+IEtFWVJJTkc6IGNyZWRjYWNoZXMuIFRoaXMgd291bGQgbm90\n" + "IGJlIGEgdmlzaWJsZSBjaGFuZ2UgdG8gdXNlcmxhbmQuDQo+IFdlJ2Qgc3RpbGwgdXNlIHJwYy5n\n" + "c3NkIHRvIHVwY2FsbCBmb3IgY3JlZHMuDQo+IA0KPiBXaGF0IEknbSBzYXlpbmcgaXMgdGhhdCBp\n" + "bnN0ZWFkIG9mIHN0b3JpbmcgdGhlIGNyZWRzIGluIGEgaGFzaHRhYmxlDQo+IGxpa2UNCj4gd2Ug\n" + "ZG8gdG9kYXksIHdlJ2QganVzdCBzdGFzaCB0aGVtIGluIG9uZSBvZiB0aGUga2V5cmluZ3MgaGFu\n" + "Z2luZyBvZmYNCj4gb2YNCj4gc3RydWN0IGNyZWQuDQo+IA0KPiBDaGFuZ2UgYWxsIG9mIHRoZSBh\n" + "dXRoZ3NzX29wcyBvcGVyYXRpb25zIHRvIGRvIHF1ZXJ5L3N0b3JlIGZyb20gdGhlDQo+IGFwcHJv\n" + "cHJpYXRlIGtleXJpbmcgZGlyZWN0bHkuIFdpdGggdGhhdCwgdGhlIGVmZmVjdGl2ZSBsaWZldGlt\n" + "ZSBvZg0KPiBHU1NBUEkgY3JlZHMgd291bGQgYmUgYm91bmRlZCBieSB0aGUgbGlmZXRpbWUgb2Yg\n" + "dGhlIGtleXJpbmdzIHRoYXQNCj4gaG9sZA0KPiByZWZlcmVuY2VzIHRvIGl0Lg0KPiANCj4gV2Un\n" + "ZCBwcm9iYWJseSBuZWVkIGEgbmV3IGtleV90eXBlIGZvciB0aGlzIHRvIGVuc3VyZSB0aGF0IHRo\n" + "aXMNCj4gY291bGRuJ3QNCj4gYmUgbWFuaXB1bGF0ZWQgZGlyZWN0bHkgZnJvbSB1c2VybGFuZC4g\n" + "T3IuLi5tYXliZSB5b3UnZCBzdGlsbCB3YW50IHRvDQo+IGFsbG93IHVzZXJsYW5kIHRvIGRlc3Ry\n" + "b3kgdGhlIGNyZWRzPyBObyBuZWVkIGZvciBhIG5ldyBzeXNjYWxsIHdpdGgNCj4gdGhhdA0KPiAt\n" + "LSB0aGV5IGNhbiBqdXN0IGRvIGEgImtleWN0bCB1bmxpbmsiLiBUaGVyZSBhcmUgYSBsb3Qgb2Yg\n" + "b3B0aW9ucw0KPiBoZXJlLg0KPiANCj4gSXQncyBhIG5vbi10cml2aWFsIGFtb3VudCBvZiB3b3Jr\n" + "IHRob3VnaCAocnBjYXV0aF9sb29rdXBjcmVkKCkgb24NCj4gZG93bg0KPiB3b3VsZCBwcm9iYWJs\n" + 
"eSBuZWVkIHRvIGJlIHJld29ya2VkKSBhbmQgSSBoYXZlbid0IGxvb2tlZCBhdCBpdA0KPiBkZXRh\n" + "aWwuDQo+IFN0aWxsLCBpdCBzZWVtcyBsaWtlIGl0IGNvdWxkIGJlIGEgbW9yZSBtb2Rlcm4gYW5k\n" + "IGNsZWFuZXIgZGVzaWduDQo+IHRoYW4NCj4gd2hhdCB3ZSBoYXZlIHRvZGF5Lg0KPiANCg0KVGhl\n" + "IG1haW4gYW5ub3lhbmNlIHdpdGggZ29pbmcgZnJvbSBhIGdsb2JhbCB0byBhIGxvY2FsIGNhY2hl\n" + "IHN1Y2ggYXMNCnRoZSBrZXlyaW5ncyBpcyB0aGF0IGl0IG1ha2VzIGNvbXBhcmluZyBjcmVkZW50\n" + "aWFscyBhIGxvdCBtb3JlIHdvcmsuDQpUb2RheSwgYmVjYXVzZSB0aGUgY3JlZGVudGlhbHMgYXJl\n" + "IGVzc2VudGlhbGx5IHVuaXF1ZSBwZXIgc2VydmVyLCB3ZQ0KanVzdCBkbyBwb2ludGVyIGNvbXBh\n" + "cmlzb25zLiBPbmNlIHdlIGhhdmUgbm9uLWdsb2JhbCBjYWNoZXMsIHdlIHdvdWxkDQpuZWVkIHRv\n" + "IGRvIG1vcmUgZWxhYm9yYXRlIGNvbXBhcmlzb25zIHRvIGVuc3VyZSB0aGF0IHRoZSB1aWQsIGdp\n" + "ZCwgYW5kDQpsaXN0IG9mIGdyb3VwcyBtYXRjaC4NClRoYXQncyBhbHNvIHdoeSB3ZSBuZXZlciBt\n" + "YWRlIHRoZSBsZWFwIHRvIHVzaW5nICdzdHJ1Y3QgY3JlZCcsIGJ0dy4uLg0KDQotLSANClRyb25k\n" + "IE15a2xlYnVzdA0KTGludXggTkZTIGNsaWVudCBtYWludGFpbmVyLCBQcmltYXJ5RGF0YQ0KdHJv\n" + bmQubXlrbGVidXN0QHByaW1hcnlkYXRhLmNvbQ0K -c9b23722771566309ac92e46d9708e59e4ce73d08be511596d28fc781eebf6c0 +4dcb8361e0110ff39d669de36d60ee2b977109cd23fa439add04e26eb2468578
diff --git a/a/content_digest b/N2/content_digest index 616d36d..cfa6305 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -5,17 +5,16 @@ "ref\01502450305.4950.4.camel@redhat.com\0" "ref\0E127503D-3DFC-4FD3-99F6-012D100C168B@netapp.com\0" "ref\01502461341.4762.1.camel@redhat.com\0" - "ref\01502461341.4762.1.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org\0" - "From\0Trond Myklebust <trondmy-7I+n7zu2hftEKMMhf/gKZA@public.gmane.org>\0" + "From\0Trond Myklebust <trondmy@primarydata.com>\0" "Subject\0Re: [RFC 1/1] destroy_creds.2: new page documenting destroy_creds()\0" "Date\0Fri, 11 Aug 2017 15:12:13 +0000\0" - "To\0jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>" - " kolga-HgOvQuBEEgTQT0dZR+AlfA@public.gmane.org <kolga-HgOvQuBEEgTQT0dZR+AlfA@public.gmane.org>\0" - "Cc\0dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>" - neilb-IBi9RG/b67k@public.gmane.org <neilb-IBi9RG/b67k@public.gmane.org> - linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org <linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> - linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> - " linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org <linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>\0" + "To\0jlayton@redhat.com <jlayton@redhat.com>" + " kolga@netapp.com <kolga@netapp.com>\0" + "Cc\0dhowells@redhat.com <dhowells@redhat.com>" + neilb@suse.com <neilb@suse.com> + linux-nfs@vger.kernel.org <linux-nfs@vger.kernel.org> + linux-api@vger.kernel.org <linux-api@vger.kernel.org> + " linux-fsdevel@vger.kernel.org <linux-fsdevel@vger.kernel.org>\0" "\00:1\0" "b\0" "On Fri, 2017-08-11 at 10:22 -0400, Jeff Layton wrote:\n" @@ -66,4 +65,4 @@ "Linux NFS client maintainer, PrimaryData\n" trond.myklebust@primarydata.com -c9b23722771566309ac92e46d9708e59e4ce73d08be511596d28fc781eebf6c0 +79f241ce6cc006933b52400623017bb4b28dd40eda8bcd4d2e965d0281552fd6
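Review bot: the `+` side of the N1/1.txt hunk, and of the matching body lines in the N1/content_digest hunk, is base64 text, so the body change cannot be reviewed from the diff as shown. The first encoded line decodes to "On Fri, 2017-08-11 at 10:22 -0400, Jeff Layton wrote:" followed by a CRLF, which is the same opening as the `-` side, so this looks like a transfer-encoding and line-ending difference rather than a different message. Comparing the decoded bodies would confirm that. The N2/content_digest hunk leaves the body as unchanged context and differs only in the headers, where the public.gmane.org-rewritten addresses are replaced by the real ones and one rewritten "ref" line is dropped.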