From: David Howells <dhowells@redhat.com>
To: Kyle Moffett <mrlinuxman@mac.com>
Cc: dhowells@redhat.com, sds@tycho.nsa.gov, casey@schaufler-ca.com,
Trond.Myklebust@netapp.com, npiggin@suse.de,
linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH 00/26] Permit filesystem local caching
Date: Wed, 16 Jan 2008 16:55:31 +0000 [thread overview]
Message-ID: <30682.1200502531@redhat.com> (raw)
In-Reply-To: <AEF7FD5A-F622-46A1-8034-2FAF10CEBA46@mac.com>
Kyle Moffett <mrlinuxman@mac.com> wrote:
> One vaguely related question: Is there presently any way to adjust the
> per-user max-key-data limit?
There's no reason there can't be. It just needs a policy deciding. Do we
have:
(1) One control for all.
(2) One control for all non-root users; no quotas on root.
(3) One control for root, one control for all non-root users.
(3) Separate controls for all users.
Should this be a ulimit? Should a non-root user be able to adjust their own
quotas within limits set by root?
How should the quota be accessed? The obvious way is to have /proc or /sys
controls.
Non-root quotas tend to be transitory. When the user_struct pinning them goes
out of scope, they tend to disappear. How do we recover the settings, if at
all?
David
prev parent reply other threads:[~2008-01-16 16:55 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-15 23:46 [PATCH 00/26] Permit filesystem local caching David Howells
2008-01-15 23:46 ` [PATCH 01/26] KEYS: Increase the payload size when instantiating a key David Howells
2008-01-15 23:47 ` [PATCH 02/26] KEYS: Check starting keyring as part of search David Howells
2008-01-15 23:47 ` [PATCH 03/26] KEYS: Allow the callout data to be passed as a blob rather than a string David Howells
2008-01-15 23:47 ` [PATCH 04/26] KEYS: Add keyctl function to get a security label David Howells
2008-01-16 15:47 ` Stephen Smalley
2008-01-15 23:47 ` [PATCH 05/26] Security: Change current->fs[ug]id to current_fs[ug]id() David Howells
2008-01-15 23:47 ` [PATCH 06/26] Security: Separate task security context from task_struct David Howells
2008-01-17 17:14 ` [PATCH 06a/26] Extra task_struct -> task_security separation David Howells
2008-01-17 17:17 ` [PATCH 06b/26] Security: Make NFSD work with detached security David Howells
2008-01-17 20:48 ` J. Bruce Fields
2008-01-17 22:48 ` David Howells
2008-01-17 23:02 ` David Howells
2008-01-15 23:47 ` [PATCH 07/26] Security: De-embed task security record from task and use refcounting David Howells
2008-01-15 23:47 ` [PATCH 08/26] Add a secctx_to_secid() LSM hook to go along with the existing David Howells
2008-01-16 1:05 ` James Morris
2008-01-16 13:41 ` Paul Moore
2008-01-16 17:08 ` Casey Schaufler
2008-01-16 22:13 ` James Morris
2008-01-16 22:19 ` Paul Moore
2008-01-15 23:47 ` [PATCH 09/26] Security: Pre-add additional non-caching classes David Howells
2008-01-15 23:47 ` [PATCH 10/26] Security: Add a kernel_service object class to SELinux David Howells
2008-01-15 23:47 ` [PATCH 11/26] Security: Allow kernel services to override LSM settings for task actions David Howells
2008-01-15 23:47 ` [PATCH 12/26] FS-Cache: Release page->private after failed readahead David Howells
2008-01-15 23:48 ` [PATCH 13/26] FS-Cache: Recruit a couple of page flags for cache management David Howells
2008-01-15 23:48 ` [PATCH 14/26] FS-Cache: Provide an add_wait_queue_tail() function David Howells
2008-01-15 23:48 ` [PATCH 15/26] FS-Cache: Generic filesystem caching facility David Howells
2008-01-15 23:48 ` [PATCH 16/26] CacheFiles: Add missing copy_page export for ia64 David Howells
2008-01-15 23:48 ` [PATCH 17/26] CacheFiles: Be consistent about the use of mapping vs file->f_mapping in Ext3 David Howells
2008-01-15 23:48 ` [PATCH 18/26] CacheFiles: Add a hook to write a single page of data to an inode David Howells
2008-01-15 23:48 ` [PATCH 19/26] CacheFiles: Permit the page lock state to be monitored David Howells
2008-01-15 23:48 ` [PATCH 20/26] CacheFiles: Export things for CacheFiles David Howells
2008-01-15 23:48 ` [PATCH 21/26] CacheFiles: A cache that backs onto a mounted filesystem David Howells
2008-01-15 23:48 ` [PATCH 22/26] NFS: Fix memory leak David Howells
2008-01-15 23:48 ` [PATCH 23/26] NFS: Use local caching David Howells
2008-01-15 23:49 ` [PATCH 24/26] NFS: Configuration and mount option changes to enable local caching on NFS David Howells
2008-01-15 23:49 ` [PATCH 25/26] NFS: Display local caching state David Howells
2008-01-15 23:49 ` [PATCH 26/26] NFS: Separate caching by superblock, explicitly if necessary David Howells
2008-01-16 0:58 ` [PATCH 00/26] Permit filesystem local caching James Morris
2008-01-16 16:48 ` David Howells
2008-01-16 1:52 ` James Morris
2008-01-16 2:24 ` Kyle Moffett
2008-01-16 16:55 ` David Howells [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=30682.1200502531@redhat.com \
--to=dhowells@redhat.com \
--cc=Trond.Myklebust@netapp.com \
--cc=casey@schaufler-ca.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mrlinuxman@mac.com \
--cc=npiggin@suse.de \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox