From: David Howells <dhowells@warthog.cambridge.redhat.com>
To: Derrick J Brashear <shadow@dementia.org>
Cc: David Howells <dhowells@redhat.com>,
openafs-devel@openafs.org, linux-kernel@vger.kernel.org
Subject: Re: Adding an "acceptable" interface to the Linux kernel for AFS
Date: Fri, 09 May 2003 21:19:42 +0100 [thread overview]
Message-ID: <3043.1052511582@warthog.warthog> (raw)
In-Reply-To: <Pine.GSO.4.55L-032.0305091456240.736@johnstown.andrew.cmu.edu>
Hi Derrick,
> There are valid reasons to allow a PAG to be specified, but only with
> priviledge. e.g. user mode protocol translator (afs to nfs)
I suppose I can do that... I can add a hook to the security framework or add a
an extra capability to allow a finer degree of control.
Perhaps:
newpag() <--- new PAG
setpag(0) <--- no PAG
setpag(>0) <--- join PAG if permitted
> > I suppose I could give both the PAG and the user lists, and search the PAG
> > first, then the user, but what detemines the user? The PAG, the opener of a
> > file or the current process?
>
> The uid of the current process. Again, if you're in a PAG you don't get
> uid tokens. You could create 2 PAG number spaces, 1 using uid
> and one sequential alloc, but then you need more management I guess (or to
> assume kernel code will be able to provide hooks for accepting tokens
> regardless of PAG and just let people who care deal in their code)
Getting the per-user PAG data from the current process becomes a little
trickier when worker kernel threads become involved:-/
Maybe each user_struct should _also_ have a normal PAG associated with
it. Asking for "no PAG" joins the calling process into its owner user's
PAG. Then you only need one number space...
However, doing this would affect authentication tokens for every FS that
stored them in this way, not just AFS (Samba for instance).
> > I don't have documentation on VIOCPREFETCH, but if it's anything like the
> > other two, then it shouldn't be a problem either.
>
> Takes a path to attempt to prefetch as a text string.
I take it that "prefetch" means try and fetch the entire file into the cache?
David
next prev parent reply other threads:[~2003-05-09 20:07 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-09 10:16 Adding an "acceptable" interface to the Linux kernel for AFS David Howells
2003-05-09 16:40 ` Derrick J Brashear
2003-05-09 17:40 ` David Howells
2003-05-09 19:09 ` Derrick J Brashear
2003-05-09 20:19 ` David Howells [this message]
2003-05-09 20:30 ` Derrick J Brashear
-- strict thread matches above, loose matches on Subject: below --
2003-05-09 21:22 Chuck Ebbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3043.1052511582@warthog.warthog \
--to=dhowells@warthog.cambridge.redhat.com \
--cc=dhowells@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=openafs-devel@openafs.org \
--cc=shadow@dementia.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox