From: Randy Dunlap <randy.dunlap@oracle.com>
To: Olaf Dietsche <olaf+list.linux-kernel@olafdietsche.de>
Cc: linux-kernel@vger.kernel.org, Rod Cordova <rcordova@ethernet.org>
Subject: Re: [PATCH] 2.6.38: access permission filesystem 0.24
Date: Sun, 10 Apr 2011 19:03:05 -0700 [thread overview]
Message-ID: <4DA26159.7050902@oracle.com> (raw)
In-Reply-To: <87sjtpai9d.fsf@rat.lan>
On 4/10/2011 2:50 PM, Olaf Dietsche wrote:
> This *untested* patch adds a new permission managing file system.
> Furthermore, it adds two modules, which make use of this file system.
>
> One module allows granting capabilities based on user-/groupid. The
> second module allows to grant access to lower numbered ports based on
> user-/groupid, too.
>
> Changes:
> - updated to 2.6.38
>
> This patch is available at:
> <http://www.olafdietsche.de/linux/accessfs/>
>
> and attached inline below.
>
> Regards, Olaf
>
> Documentation/filesystems/accessfs.txt | 41 +++
> fs/Kconfig | 1 +
> fs/Makefile | 1 +
> fs/accessfs/Kconfig | 63 +++++
> fs/accessfs/Makefile | 11 +
> fs/accessfs/capabilities.c | 108 ++++++++
> fs/accessfs/inode.c | 432 ++++++++++++++++++++++++++++++++
> fs/accessfs/ip.c | 101 ++++++++
> include/linux/accessfs_fs.h | 42 +++
> include/net/sock.h | 43 ++++
> net/Kconfig | 12 +
> net/Makefile | 1 +
> net/hooks.c | 55 ++++
> net/ipv4/af_inet.c | 2 +-
> net/ipv6/af_inet6.c | 2 +-
> 15 files changed, 913 insertions(+), 2 deletions(-)
+config ACCESSFS_USER_PORTS
+ tristate "User permission based IP ports"
+ depends on ACCESS_FS
+ select NET_HOOKS
+ default n
+ help
+ If you say Y here, you will be able to control access to IP ports
+ based on user-/groupid. For this to work, you must say Y
+ to CONFIG_NET_HOOKS.
That last sentence is handled (in theory) by "select NET_HOOKS", right?
But NET_HOOKS depends on INET && EXPERIMENTAL, so this config should not
select NET_HOOKS unless INET && EXPERIMENTAL are enabled also.
next prev parent reply other threads:[~2011-04-11 2:03 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Pine.LNX.4.64.1103291321440.32194@fatboy.ethernet.org>
2011-04-10 21:50 ` [PATCH] 2.6.38: access permission filesystem 0.24 Olaf Dietsche
2011-04-11 2:03 ` Randy Dunlap [this message]
2011-04-11 20:47 ` [PATCH] 2.6.38: access permission filesystem 0.25 Olaf Dietsche
2011-04-24 19:09 ` Randy Dunlap
2011-04-26 11:22 ` Olaf Dietsche
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DA26159.7050902@oracle.com \
--to=randy.dunlap@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olaf+list.linux-kernel@olafdietsche.de \
--cc=rcordova@ethernet.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.