Re: [RFC] getgroups2 system call

To: YAMAMOTO Takashi <yamt%mwd.biglobe.ne.jp@localhost>
Subject: Re: [RFC] getgroups2 system call
From: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Date: Wed, 14 Dec 2011 10:51:20 +0000

On Wed, Dec 14, 2011 at 09:09:59AM +0000, YAMAMOTO Takashi wrote:
> in my understanding, fuse_getgroups needs to talk with perfused, not kernel.
> so i suggested creating a side channel between fuse_getgroups and perfused.

There is a proposal from fuse-devel mailing list to add FUSE message to
send credentials, but that seems overly complicated: the FUSE client
would have to send secondary group list everytime a new process uses
FUSE, and everytime it uses setgroups(2). Since perfused is not 
explictely notified of setgroups(2) calls, it will have to store secondary 
group lists in perfused for each process, and compare current creds to the 
one stored for every request. 

Additonnallu, A destroy message must be sent when a process terminate so 
that the secondary group list are deleted from the filesystem. Since
perfused does not know when a process terminates, this suggests it will
have a TTL on secondary group list, and send a destroy cred message
on tiemout. 

I am not ready to implement such a complicated scheme.

-- 
Emmanuel Dreyfus
manu%netbsd.org@localhost

Follow-Ups:
- Re: [RFC] getgroups2 system call
  - From: David Holland

References:
- Re: [RFC] getgroups2 system call
  - From: Emmanuel Dreyfus
- Re: [RFC] getgroups2 system call
  - From: YAMAMOTO Takashi

Prev by Date: Re: [RFC] getgroups2 system call
Next by Date: Re: [RFC] getgroups2 system call
Previous by Thread: Re: [RFC] getgroups2 system call
Next by Thread: Re: [RFC] getgroups2 system call
Indexes:

Home | Main Index | Thread Index | Old Index