[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [RFC] getgroups2 system call
On Wed, Dec 14, 2011 at 09:09:59AM +0000, YAMAMOTO Takashi wrote:
> in my understanding, fuse_getgroups needs to talk with perfused, not kernel.
> so i suggested creating a side channel between fuse_getgroups and perfused.
There is a proposal from fuse-devel mailing list to add FUSE message to
send credentials, but that seems overly complicated: the FUSE client
would have to send secondary group list everytime a new process uses
FUSE, and everytime it uses setgroups(2). Since perfused is not
explictely notified of setgroups(2) calls, it will have to store secondary
group lists in perfused for each process, and compare current creds to the
one stored for every request.
Additonnallu, A destroy message must be sent when a process terminate so
that the secondary group list are deleted from the filesystem. Since
perfused does not know when a process terminates, this suggests it will
have a TTL on secondary group list, and send a destroy cred message
I am not ready to implement such a complicated scheme.
Main Index |
Thread Index |