Re: [PATCH] in-core AFS multiplexor and PAG support

Jan Harkes (jaharkes@cs.cmu.edu)
Tue, 13 May 2003 12:52:24 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Trond Myklebust: "Re: 2.6 must-fix list, v2"
Previous message: Jonathan Matthews: "Re: What exactly does "supports Linux" mean?"
In reply to: Alan Cox: "Re: [PATCH] in-core AFS multiplexor and PAG support"
Next in thread: Linus Torvalds: "Re: [PATCH] in-core AFS multiplexor and PAG support"

On Tue, May 13, 2003 at 04:44:24PM +0100, Alan Cox wrote:
> On Maw, 2003-05-13 at 16:52, Linus Torvalds wrote:
> > I think the code looks pretty horrible, but I think we'll need something
> > like this to keep track of keys. However, I'm not sure we should make this
> > a new structure - I think we should make the current "tsk->user" thing
> > _be_ the "PAG".
>
> With something like SELinux a PAG may belong to a role not to a user
> even though other limits like processes probably belong to the user as a
> whole.
>
> How does AFS currently handle this, can two logins of the same user have
> seperate PAGs ?

Yes, easily and it is useful.

I can start an xterm a new PAG that has administrative rights. Or
various system daemons all running with uid 0, but with different access
rights (sendmail/webserver).

It also goes the other way around, different uid's using the same PAG,
if I run a setuid application it can still access my files.

Jan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Trond Myklebust: "Re: 2.6 must-fix list, v2"
Previous message: Jonathan Matthews: "Re: What exactly does "supports Linux" mean?"
In reply to: Alan Cox: "Re: [PATCH] in-core AFS multiplexor and PAG support"
Next in thread: Linus Torvalds: "Re: [PATCH] in-core AFS multiplexor and PAG support"