tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [RFC] getgroups2 system call



On Wed, Dec 14, 2011 at 09:09:59AM +0000, YAMAMOTO Takashi wrote:
> in my understanding, fuse_getgroups needs to talk with perfused, not kernel.
> so i suggested creating a side channel between fuse_getgroups and perfused.

There is a proposal from fuse-devel mailing list to add FUSE message to
send credentials, but that seems overly complicated: the FUSE client
would have to send secondary group list everytime a new process uses
FUSE, and everytime it uses setgroups(2). Since perfused is not 
explictely notified of setgroups(2) calls, it will have to store secondary 
group lists in perfused for each process, and compare current creds to the 
one stored for every request. 

Additonnallu, A destroy message must be sent when a process terminate so 
that the secondary group list are deleted from the filesystem. Since
perfused does not know when a process terminates, this suggests it will
have a TTL on secondary group list, and send a destroy cred message
on tiemout. 

I am not ready to implement such a complicated scheme.

-- 
Emmanuel Dreyfus
manu%netbsd.org@localhost


Home | Main Index | Thread Index | Old Index