2008-11-16 21:10:48

by Peter Palfrader

Subject: broken ownership of /proc/sys/ files on 2.6.27

Hi,

on several (probably all) of my systems running a 2.6.27 kernel on at
least i386, amd64, ia64, sparc proc/sys does have files not owned by
root:

weasel@villa:~$ find /proc/sys ! -uid 0 -ls
2273612 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:55 /proc/sys/kernel/sched_rt_runtime_us
2273615 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:55 /proc/sys/kernel/core_uses_pid
2273616 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:55 /proc/sys/kernel/core_pattern
2273621 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/hotplug
2273622 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/acct
2273623 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/sysrq
2273624 0 -rw------- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/cad_pid
2273625 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/threads-max
2217102 0 -r--r--r-- 1 joy Debian 0 Nov 16 19:57 /proc/sys/kernel/random/entropy_avail
2273626 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/overflowuid
2273627 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/overflowgid
2273628 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/panic_on_oops
2273635 0 -r--r--r-- 1 nobody nogroup 0 Nov 16 20:55 /proc/sys/kernel/bootloader_type
2273636 0 -rw-r--r-- 1 weasel Debian 0 Nov 16 20:55 /proc/sys/kernel/kstack_depth_to_print
2273638 0 -rw-r--r-- 1 weasel Debian 0 Nov 16 20:55 /proc/sys/kernel/randomize_va_space
2273598 0 dr-xr-xr-x 0 weasel Debian 0 Nov 16 20:55 /proc/sys/vm
2209118 0 -r--r--r-- 1 joy Debian 0 Nov 16 19:50 /proc/sys/fs/file-nr
weasel@villa:~$ uname -a
Linux villa 2.6.27.6-dsa-dl380-oldxeon #2 SMP Fri Nov 14 01:40:49 CET 2008 i686 GNU/Linux


weasel@ravel:~$ find /proc/sys ! -uid 0 -ls
3917380 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_latency_ns
3917381 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_wakeup_granularity_ns
3917382 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_shares_ratelimit
3917383 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_child_runs_first
3917384 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_features
3917387 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_rt_period_us
3917388 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_rt_runtime_us
3917389 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_compat_yield
3847910 0 -rw-r--r-- 1 joeyh Debian 0 Nov 16 20:11 /proc/sys/kernel/pid_max
3917373 0 dr-xr-xr-x 0 weasel Debian 0 Nov 16 20:57 /proc/sys/fs
3917376 0 dr-xr-xr-x 0 nagios nagios 0 Nov 16 20:57 /proc/sys/net
weasel@ravel:~$ uname -a
Linux ravel 2.6.27.6-dsa-amd64-opteron #2 SMP Fri Nov 14 01:32:43 CET 2008 x86_64 GNU/Linux

weasel@caballero:~$ find /proc/sys ! -uid 0 -ls
6950 0 -rw-r--r-- 1 weasel Debian 0 Nov 16 20:48 /proc/sys/kernel/sched_min_granularity_ns
6951 0 -rw-r--r-- 1 weasel Debian 0 Nov 16 20:48 /proc/sys/kernel/sched_latency_ns
6955 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/sched_features
6959 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/sched_rt_runtime_us
2173 0 -r--r--r-- 1 nobody munin 0 Nov 16 20:35 /proc/sys/kernel/random/entropy_avail
6971 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/overflowuid
6972 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/overflowgid
6973 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/panic_on_oops
6974 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/printk_ratelimit
6975 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/printk_ratelimit_burst
6978 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/softlockup_panic
6979 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/softlockup_thresh
6980 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/hung_task_check_count
1618 0 -r--r--r-- 1 nobody munin 0 Nov 16 20:35 /proc/sys/fs/file-nr
weasel@caballero:~$ uname -a
Linux caballero 2.6.27.2-dsa-mckinley #1 SMP Sun Oct 19 12:14:46 UTC 2008 ia64 GNU/Linux

weasel@spontini:~$ find /proc/sys ! -uid 0 -ls
41263 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/panic
41264 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/core_uses_pid
41267 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/real-root-dev
41271 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/scons-poweroff
41272 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/ctrl-alt-del
41273 0 -r--r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/sg-big-buff
41280 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/printk
41291 0 -r--r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/version
41292 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/hostname
41293 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/domainname
41294 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/shmmax
5299 0 -r--r--r-- 1 nobody munin 0 Nov 16 19:22 /proc/sys/fs/file-nr
41259 0 dr-xr-xr-x 0 weasel Debian 0 Nov 16 20:58 /proc/sys/debug
weasel@spontini:~$ uname -a
Linux spontini 2.6.27.2-dsa-usii #2 SMP Sun Oct 19 16:34:26 CEST 2008 sparc64 GNU/Linux


That's probably not how it should be, right?

Peter
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/


2008-11-16 21:27:59

by Rafael J. Wysocki

Subject: Re: broken ownership of /proc/sys/ files on 2.6.27

On Sunday, 16 of November 2008, Peter Palfrader wrote:
> Hi,
>
> on several (probably all) of my systems running a 2.6.27 kernel on at
> least i386, amd64, ia64, sparc proc/sys does have files not owned by
> root:

Well, my system running 2.6.27.6 doesn't have this problem.

> weasel@villa:~$ find /proc/sys ! -uid 0 -ls
> 2273612 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:55 /proc/sys/kernel/sched_rt_runtime_us
> 2273615 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:55 /proc/sys/kernel/core_uses_pid
> 2273616 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:55 /proc/sys/kernel/core_pattern
> 2273621 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/hotplug
> 2273622 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/acct
> 2273623 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/sysrq
> 2273624 0 -rw------- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/cad_pid
> 2273625 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/threads-max
> 2217102 0 -r--r--r-- 1 joy Debian 0 Nov 16 19:57 /proc/sys/kernel/random/entropy_avail
> 2273626 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/overflowuid
> 2273627 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/overflowgid
> 2273628 0 -rw-r--r-- 1 nobody munin 0 Nov 16 20:55 /proc/sys/kernel/panic_on_oops
> 2273635 0 -r--r--r-- 1 nobody nogroup 0 Nov 16 20:55 /proc/sys/kernel/bootloader_type
> 2273636 0 -rw-r--r-- 1 weasel Debian 0 Nov 16 20:55 /proc/sys/kernel/kstack_depth_to_print
> 2273638 0 -rw-r--r-- 1 weasel Debian 0 Nov 16 20:55 /proc/sys/kernel/randomize_va_space
> 2273598 0 dr-xr-xr-x 0 weasel Debian 0 Nov 16 20:55 /proc/sys/vm
> 2209118 0 -r--r--r-- 1 joy Debian 0 Nov 16 19:50 /proc/sys/fs/file-nr
> weasel@villa:~$ uname -a
> Linux villa 2.6.27.6-dsa-dl380-oldxeon #2 SMP Fri Nov 14 01:40:49 CET 2008 i686 GNU/Linux
>
>
> weasel@ravel:~$ find /proc/sys ! -uid 0 -ls
> 3917380 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_latency_ns
> 3917381 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_wakeup_granularity_ns
> 3917382 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_shares_ratelimit
> 3917383 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_child_runs_first
> 3917384 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_features
> 3917387 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_rt_period_us
> 3917388 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_rt_runtime_us
> 3917389 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:57 /proc/sys/kernel/sched_compat_yield
> 3847910 0 -rw-r--r-- 1 joeyh Debian 0 Nov 16 20:11 /proc/sys/kernel/pid_max
> 3917373 0 dr-xr-xr-x 0 weasel Debian 0 Nov 16 20:57 /proc/sys/fs
> 3917376 0 dr-xr-xr-x 0 nagios nagios 0 Nov 16 20:57 /proc/sys/net
> weasel@ravel:~$ uname -a
> Linux ravel 2.6.27.6-dsa-amd64-opteron #2 SMP Fri Nov 14 01:32:43 CET 2008 x86_64 GNU/Linux
>
> weasel@caballero:~$ find /proc/sys ! -uid 0 -ls
> 6950 0 -rw-r--r-- 1 weasel Debian 0 Nov 16 20:48 /proc/sys/kernel/sched_min_granularity_ns
> 6951 0 -rw-r--r-- 1 weasel Debian 0 Nov 16 20:48 /proc/sys/kernel/sched_latency_ns
> 6955 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/sched_features
> 6959 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/sched_rt_runtime_us
> 2173 0 -r--r--r-- 1 nobody munin 0 Nov 16 20:35 /proc/sys/kernel/random/entropy_avail
> 6971 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/overflowuid
> 6972 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/overflowgid
> 6973 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/panic_on_oops
> 6974 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/printk_ratelimit
> 6975 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/printk_ratelimit_burst
> 6978 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/softlockup_panic
> 6979 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/softlockup_thresh
> 6980 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:48 /proc/sys/kernel/hung_task_check_count
> 1618 0 -r--r--r-- 1 nobody munin 0 Nov 16 20:35 /proc/sys/fs/file-nr
> weasel@caballero:~$ uname -a
> Linux caballero 2.6.27.2-dsa-mckinley #1 SMP Sun Oct 19 12:14:46 UTC 2008 ia64 GNU/Linux
>
> weasel@spontini:~$ find /proc/sys ! -uid 0 -ls
> 41263 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/panic
> 41264 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/core_uses_pid
> 41267 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/real-root-dev
> 41271 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/scons-poweroff
> 41272 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/ctrl-alt-del
> 41273 0 -r--r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/sg-big-buff
> 41280 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/printk
> 41291 0 -r--r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/version
> 41292 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/hostname
> 41293 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/domainname
> 41294 0 -rw-r--r-- 1 nagios nagios 0 Nov 16 20:58 /proc/sys/kernel/shmmax
> 5299 0 -r--r--r-- 1 nobody munin 0 Nov 16 19:22 /proc/sys/fs/file-nr
> 41259 0 dr-xr-xr-x 0 weasel Debian 0 Nov 16 20:58 /proc/sys/debug
> weasel@spontini:~$ uname -a
> Linux spontini 2.6.27.2-dsa-usii #2 SMP Sun Oct 19 16:34:26 CEST 2008 sparc64 GNU/Linux
>
>
> That's probably not how it should be, right?

No, it's not.

Thanks,
Rafael

2008-11-16 21:33:24

by Frans Pop

Subject: Re: broken ownership of /proc/sys/ files on 2.6.27

Confirmed for 2.6.28-rc5.

$ uname -a
Linux faramir 2.6.28-rc5 #55 SMP Sun Nov 16 01:23:28 CET 2008 x86_64 GNU/Linux

$ ls -l /proc/sys/kernel/
total 0
-rw-r--r-- 1 fjp fjp 0 2008-11-16 22:28 acct
-rw-r--r-- 1 root root 0 2008-11-16 22:28 acpi_video_flags
-rw-r--r-- 1 root root 0 2008-11-16 22:28 auto_msgmni
-r--r--r-- 1 root root 0 2008-11-16 22:28 bootloader_type
-rw------- 1 fjp fjp 0 2008-11-16 22:28 cad_pid
-rw-r--r-- 1 root root 0 2008-11-16 22:28 compat-log
[...]
-rw-r--r-- 1 fjp fjp 0 2008-11-16 22:28 latencytop
-rw-r--r-- 1 root root 0 2008-11-16 22:28 max_lock_depth
-rw-r--r-- 1 logcheck logcheck 0 2008-11-16 16:07 modprobe
[...]
dr-xr-xr-x 0 root root 0 2008-11-16 22:28 sched_domain
-rw-r--r-- 1 logcheck logcheck 0 2008-11-16 22:28 sched_features
-rw-r--r-- 1 logcheck logcheck 0 2008-11-16 22:28 sched_latency_ns
-rw-r--r-- 1 logcheck logcheck 0 2008-11-16 22:28 sched_migration_cost
-rw-r--r-- 1 root root 0 2008-11-16 22:28 sched_min_granularity_ns
-rw-r--r-- 1 logcheck logcheck 0 2008-11-16 22:28 sched_nr_migrate
-rw-r--r-- 1 logcheck logcheck 0 2008-11-16 22:28 sched_rt_period_us
-rw-r--r-- 1 fjp fjp 0 2008-11-16 22:28 sched_rt_runtime_us

2008-11-16 21:37:10

by Maxim Levitsky

Subject: Re: broken ownership of /proc/sys/ files on 2.6.27

Confirm too:

maxim@mobile:~$ ls -l /proc/sys/kernel/
total 0
-rw-r--r-- 1 root root 0 2008-11-16 23:35 acct
-rw-r--r-- 1 root root 0 2008-11-16 23:35 acpi_video_flags
-rw-r--r-- 1 maxim maxim 0 2008-11-16 23:35 auto_msgmni
-r--r--r-- 1 root root 0 2008-11-16 23:35 bootloader_type
-rw------- 1 root root 0 2008-11-16 23:35 cad_pid
-rw-r--r-- 1 root root 0 2008-11-16 23:35 core_pattern
-rw-r--r-- 1 root root 0 2008-11-16 23:35 core_uses_pid
-rw-r--r-- 1 root root 0 2008-11-16 23:35 ctrl-alt-del
-rw-r--r-- 1 root root 0 2008-11-16 23:35 domainname
-rw-r--r-- 1 root root 0 2008-11-16 23:35 ftrace_enabled
-rw-r--r-- 1 root root 0 2008-11-16 23:35 hostname
-rw-r--r-- 1 root root 0 2008-11-16 23:35 hotplug
-rw-r--r-- 1 root root 0 2008-11-16 23:35 hung_task_check_count
-rw-r--r-- 1 root root 0 2008-11-16 23:35 hung_task_timeout_secs
-rw-r--r-- 1 root root 0 2008-11-16 23:35 hung_task_warnings
-rw-r--r-- 1 root root 0 2008-11-16 23:35 io_delay_type
dr-xr-xr-x 0 root root 0 2008-11-16 23:35 keys
-rw-r--r-- 1 root root 0 2008-11-16 23:35 kstack_depth_to_print
-rw-r--r-- 1 root root 0 2008-11-16 23:35 maps_protect
-rw-r--r-- 1 root root 0 2008-11-16 23:35 max_lock_depth
-rw-r--r-- 1 root root 0 2008-11-16 23:35 modprobe
-rw-r--r-- 1 maxim maxim 0 2008-11-16 23:35 msgmax
-rw-r--r-- 1 maxim maxim 0 2008-11-16 23:35 msgmnb
-rw-r--r-- 1 maxim maxim 0 2008-11-16 23:35 msgmni
-r--r--r-- 1 root root 0 2008-11-16 15:23 ngroups_max
-rw-r--r-- 1 maxim maxim 0 2008-11-16 23:35 nmi_watchdog
-r--r--r-- 1 root root 0 2008-11-16 23:35 osrelease
-r--r--r-- 1 root root 0 2008-11-16 23:35 ostype
-rw-r--r-- 1 root root 0 2008-11-16 23:35 overflowgid
-rw-r--r-- 1 root root 0 2008-11-16 23:35 overflowuid
-rw-r--r-- 1 root root 0 2008-11-16 23:35 panic
-rw-r--r-- 1 root root 0 2008-11-16 23:35 panic_on_oops
-rw-r--r-- 1 root root 0 2008-11-16 23:35 panic_on_unrecovered_nmi
-rw-r--r-- 1 maxim maxim 0 2008-11-16 17:27 pid_max
-rw-r--r-- 1 root root 0 2008-11-16 23:35 poweroff_cmd
-rw-r--r-- 1 root root 0 2008-11-16 23:35 print-fatal-signals
-rw-r--r-- 1 root root 0 2008-11-16 23:35 printk
-rw-r--r-- 1 root root 0 2008-11-16 23:35 printk_ratelimit
-rw-r--r-- 1 root root 0 2008-11-16 23:35 printk_ratelimit_burst
dr-xr-xr-x 0 maxim maxim 0 2008-11-16 23:35 pty
dr-xr-xr-x 0 root root 0 2008-11-16 23:35 random
-rw-r--r-- 1 root root 0 2008-11-16 23:35 randomize_va_space
-rw-r--r-- 1 root root 0 2008-11-16 23:35 real-root-dev
-rw-r--r-- 1 root root 0 2008-11-16 23:35 sched_child_runs_first
-rw-r--r-- 1 root root 0 2008-11-16 23:35 sched_compat_yield
dr-xr-xr-x 0 maxim maxim 0 2008-11-16 23:35 sched_domain
-rw-r--r-- 1 root root 0 2008-11-16 23:35 sched_features
-rw-r--r-- 1 root root 0 2008-11-16 23:35 sched_latency_ns
-rw-r--r-- 1 root root 0 2008-11-16 23:35 sched_migration_cost
-rw-r--r-- 1 root root 0 2008-11-16 23:35 sched_min_granularity_ns
-rw-r--r-- 1 root root 0 2008-11-16 23:35 sched_nr_migrate
-rw-r--r-- 1 root root 0 2008-11-16 23:35 sched_rt_period_us
-rw-r--r-- 1 root root 0 2008-11-16 23:35 sched_rt_runtime_us
-rw-r--r-- 1 root root 0 2008-11-16 23:35 sched_shares_ratelimit
-rw-r--r-- 1 root root 0 2008-11-16 23:35 sched_wakeup_granularity_ns
-rw-r--r-- 1 maxim maxim 0 2008-11-16 23:35 sem
-r--r--r-- 1 root root 0 2008-11-16 23:35 sg-big-buff
-rw-r--r-- 1 root root 0 2008-11-16 23:35 shmall
-rw-r--r-- 1 root root 0 2008-11-16 23:35 shmmax
-rw-r--r-- 1 root root 0 2008-11-16 23:35 shmmni
-rw-r--r-- 1 root root 0 2008-11-16 23:35 softlockup_panic
-rw-r--r-- 1 root root 0 2008-11-16 23:35 softlockup_thresh
-rw-r--r-- 1 root root 0 2008-11-16 23:35 sysrq
-rw-r--r-- 1 root root 0 2008-11-16 23:35 tainted
-rw-r--r-- 1 root root 0 2008-11-16 23:35 threads-max
-rw-r--r-- 1 root root 0 2008-11-16 23:35 unknown_nmi_panic
-r--r--r-- 1 root root 0 2008-11-16 23:35 version
maxim@mobile:~$

2008-11-16 21:42:33

by Måns Rullgård

Subject: Re: broken ownership of /proc/sys/ files on 2.6.27

Frans Pop <[email protected]> writes:

> Confirmed for 2.6.28-rc5.

No problem on my 2.6.27.4.

--
Måns Rullgård
[email protected]

2008-11-16 22:12:40

by Bernd Zeimetz

Subject: Re: broken ownership of /proc/sys/ files on 2.6.27

Hi,


Peter Palfrader wrote:
> on several (probably all) of my systems running a 2.6.27 kernel on at
> least i386, amd64, ia64, sparc proc/sys does have files not owned by
> root:


same here:

0 bzed@think:~$ find /proc/sys ! -uid 0
/proc/sys/kernel/shmmni
/proc/sys/kernel/msgmax
/proc/sys/kernel/msgmni
/proc/sys/kernel/msgmnb
/proc/sys/kernel/sem
/proc/sys/fs/quota/allocated_dquots
/proc/sys/fs/quota/free_dquots
/proc/sys/fs/quota/syncs
/proc/sys/fs/quota/warnings
/proc/sys/fs/mqueue/queues_max
/proc/sys/fs/mqueue/msg_max
/proc/sys/fs/mqueue/msgsize_max
/proc/sys/fs/nfs/nlm_grace_period
/proc/sys/fs/nfs/nlm_timeout
/proc/sys/debug
/proc/sys/dev
/proc/sys/dev/raid
/proc/sys/net/ipv4
/proc/sys/net/ipv4/neigh
/proc/sys/net/ipv4/neigh/lo
/proc/sys/net/ipv4/neigh/wlan0
/proc/sys/net/ipv4/neigh/wlan0/retrans_time_ms
/proc/sys/net/ipv6/neigh/lo/retrans_time_ms
/proc/sys/net/ipv6/neigh/lo/base_reachable_time_ms
/proc/sys/net/ipv6/neigh/vbox0
/proc/sys/net/ipv6/neigh/vbox0/retrans_time_ms
/proc/sys/net/ipv6/conf
/proc/sys/net/ipv6/conf/lo/forwarding
/proc/sys/abi
/proc/sys/sunrpc
0 bzed@think:~$ uname -a
Linux think 2.6.27.2-think #1 SMP PREEMPT Thu Oct 23 22:21:17 CEST 2008 x86_64
GNU/Linux
0 bzed@think:~$


> That's probably not how it should be, right?

No...

Cheers,

Bernd

--
Bernd Zeimetz Debian GNU/Linux Developer
GPG Fingerprint: 06C8 C9A2 EAAD E37E 5B2C BE93 067A AD04 C93B FF79

2008-11-16 22:19:20

by Al Viro

Subject: Re: broken ownership of /proc/sys/ files on 2.6.27

On Sun, Nov 16, 2008 at 09:59:22PM +0100, Peter Palfrader wrote:
> Hi,
>
> on several (probably all) of my systems running a 2.6.27 kernel on at
> least i386, amd64, ia64, sparc proc/sys does have files not owned by
> root:

D'oh...

Signed-off-by: Al Viro <[email protected]>
---
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index 94fcfff..06ed10b 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -31,6 +31,7 @@ static struct inode *proc_sys_make_inode(struct super_block *sb,
inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
inode->i_flags |= S_PRIVATE; /* tell selinux to ignore this inode */
inode->i_mode = table->mode;
+ inode->i_uid = inode->i_gid = 0;
if (!table->child) {
inode->i_mode |= S_IFREG;
inode->i_op = &proc_sys_inode_operations;
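
Review bot: the added `inode->i_uid = inode->i_gid = 0;` in proc_sys_make_inode() comes with no changelog text beyond the sign-off and no comment, so the patch does not record that the surrounding lines assign the timestamps, i_flags and i_mode while ownership was not assigned here at all. A one-sentence description of that omission and its visible symptom (non-root owners under /proc/sys) would help anyone backporting or auditing it, and other code that fills in a fresh inode field by field deserves the same check for i_uid and i_gid.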

2008-11-16 22:38:05

by Peter Palfrader

Subject: Re: broken ownership of /proc/sys/ files on 2.6.27

On Sun, 16 Nov 2008, Al Viro wrote:

> On Sun, Nov 16, 2008 at 09:59:22PM +0100, Peter Palfrader wrote:
> > Hi,
> >
> > on several (probably all) of my systems running a 2.6.27 kernel on at
> > least i386, amd64, ia64, sparc proc/sys does have files not owned by
> > root:
>
> D'oh...
>
> Signed-off-by: Al Viro <[email protected]>
> ---
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> index 94fcfff..06ed10b 100644
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -31,6 +31,7 @@ static struct inode *proc_sys_make_inode(struct super_block *sb,
> inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
> inode->i_flags |= S_PRIVATE; /* tell selinux to ignore this inode */
> inode->i_mode = table->mode;
> + inode->i_uid = inode->i_gid = 0;
> if (!table->child) {
> inode->i_mode |= S_IFREG;
> inode->i_op = &proc_sys_inode_operations;

Works on the one host that I tested.

Thanks.
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/

2008-11-16 22:44:26

by Jiri Slaby

Subject: Re: broken ownership of /proc/sys/ files on 2.6.27

On 11/16/2008 11:19 PM, Al Viro wrote:
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -31,6 +31,7 @@ static struct inode *proc_sys_make_inode(struct super_block *sb,
> inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
> inode->i_flags |= S_PRIVATE; /* tell selinux to ignore this inode */

And what about this ^, is it OK?

2008-11-16 22:56:46

by Al Viro

Subject: Re: broken ownership of /proc/sys/ files on 2.6.27

On Sun, Nov 16, 2008 at 11:44:11PM +0100, Jiri Slaby wrote:
> On 11/16/2008 11:19 PM, Al Viro wrote:
> > --- a/fs/proc/proc_sysctl.c
> > +++ b/fs/proc/proc_sysctl.c
> > @@ -31,6 +31,7 @@ static struct inode *proc_sys_make_inode(struct super_block *sb,
> > inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
> > inode->i_flags |= S_PRIVATE; /* tell selinux to ignore this inode */
>
> And what about this ^, is it OK?

Yes, it is. i_flags is initialized.

2008-11-16 23:25:34

by Linus Torvalds

Subject: Re: Fix broken ownership of /proc/sys/ files



On Sun, 16 Nov 2008, Al Viro wrote:
>
> D'oh...

So I applied this, but I wonder if it might not be nice to make
new_inode() (or rather - 'alloc_inode()') initialize some more of the
really core members.

We already initialize a _lot_ of fields, including fields that most
filesystems would likely end up re-initializing when reading an inode (like
i_size and i_nlink). Maybe it would be more sensible to initialize
i_gid/uid there too, when we are guaranteed to have that cacheline dirty
anyway (because we're initializing everything around those fields).

But I guess it's not a huge deal.

Linus

2008-11-17 04:06:58

by Al Viro

Subject: Re: Fix broken ownership of /proc/sys/ files

On Sun, Nov 16, 2008 at 03:23:47PM -0800, Linus Torvalds wrote:
>
>
> On Sun, 16 Nov 2008, Al Viro wrote:
> >
> > D'oh...
>
> So I applied this, but I wonder if it might not be nice to make
> new_inode() (or rather - 'alloc_inode()') initialize some more of the
> really core members.
>
> We already initialize a _lot_ of fields, including fields that most
> filesystems would likely end up re-initializing when reading an inode (like
> i_size and i_nlink). Maybe it would be more sensible to initialize
> i_gid/uid there too, when we are guaranteed to have that cacheline dirty
> anyway (because we're initializing everything around those fields).

*nod*

It certainly makes sense to do it in a uniform way - there's enough
users of new_inode() that want exactly that. I'll do that as soon
as I get from under a huge pile of pending mail ;-/

ObPendingStuff: would you mind a series of section annotations? That's
a bunch of trivial one-liners and it kills the section noise - the remaining
ones are few and tricky. It had sat around in my tree for several weeks
and I can certainly carry it until the next cycle, but OTOH this stuff
*is* trivial and the noise is annoying as hell.

2008-11-17 18:51:16

by Linus Torvalds

Subject: Re: Fix broken ownership of /proc/sys/ files



On Mon, 17 Nov 2008, Al Viro wrote:
> >
> > We already initialize a _lot_ of fields, including fields that most
> > filesystems would likely end up re-initializing when reading an inode (like
> > i_size and i_nlink). Maybe it would be more sensible to initialize
> > i_gid/uid there too, when we are guaranteed to have that cacheline dirty
> > anyway (because we're initializing everything around those fields).
>
> *nod*
>
> It certainly makes sense to do it in a uniform way - there's enough
> users of new_inode() that want exactly that. I'll do that as soon
> as I get from under a huge pile of pending mail ;-/

Ok. I think zeroing i_mode might be a good idea too. Just to make sure..

> ObPendingStuff: would you mind a series of section annotations? That's
> a bunch of trivial one-liners and it kills the section noise - the remaining
> ones are few and tricky. It had sat around in my tree for several weeks
> and I can certainly carry it until the next cycle, but OTOH this stuff
> *is* trivial and the noise is annoying as hell.

Yeah, it would be good to get rid of at least the bulk of the section
warnings. A lot of them have historically been 100% real problems.

Linus
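
The trade-off discussed in the last few messages, as an added example that is not kernel code and not taken from the thread: a userspace model of an object cache whose allocator leaves ownership fields untouched, next to one that initializes them centrally. The struct, function names, pool size and uid 1000 are all assumptions made for the illustration.

```c
/* Added illustration: userspace model, not kernel code; names are hypothetical. */
#include <stdio.h>
#include <string.h>

struct toy_inode {
    unsigned int i_mode, i_uid, i_gid, i_nlink;
    long long i_size;
    struct toy_inode *next_free;   /* free-list link, models cache reuse */
};

static struct toy_inode pool[4];
static struct toy_inode *free_list;
static int pool_used;

/* Hands memory back untouched: a recycled object keeps its old field values. */
static struct toy_inode *cache_get(void)
{
    struct toy_inode *ino = free_list;
    if (ino)
        free_list = ino->next_free;
    else if (pool_used < 4)
        ino = &pool[pool_used++];
    return ino;
}

static void toy_free_inode(struct toy_inode *ino)
{
    ino->next_free = free_list;
    free_list = ino;
}

/* Allocator that sets some core members but leaves ownership alone. */
static struct toy_inode *alloc_partial(void)
{
    struct toy_inode *ino = cache_get();
    if (ino) {
        ino->i_size = 0;
        ino->i_nlink = 1;
    }
    return ino;
}

/* Allocator as proposed in the thread: owner and mode are set centrally. */
static struct toy_inode *alloc_full(void)
{
    struct toy_inode *ino = alloc_partial();
    if (ino)
        ino->i_uid = ino->i_gid = ino->i_mode = 0;
    return ino;
}

/* Frees an inode owned by uid 1000, then builds a new one whose caller
 * sets only the mode; returns the uid the new inode ends up with. */
static unsigned int owner_after_reuse(struct toy_inode *(*alloc)(void))
{
    struct toy_inode *old, *sys;
    memset(pool, 0, sizeof(pool));    /* start from a clean cache */
    free_list = NULL;
    pool_used = 0;
    old = alloc();                    /* some other user of the cache */
    old->i_uid = old->i_gid = 1000;   /* constructed sample owner */
    toy_free_inode(old);
    sys = alloc();                    /* recycled object comes back */
    sys->i_mode = 0644;               /* caller assigns mode, nothing else */
    return sys->i_uid;
}

int main(void)
{
    printf("partial init: uid=%u\n", owner_after_reuse(alloc_partial));
    printf("full init:    uid=%u\n", owner_after_reuse(alloc_full));
    return 0;
}
```

With the partial allocator every caller has to remember the ownership assignment itself, which is the one line the patch in this thread adds; with the full allocator a caller that forgets still gets uid 0.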