Date: Sun, 8 Feb 2015 10:05:25 +0100
Subject: Re: [PATCH v3] kernel: Conditionally support non-root users, groups and capabilities
From: Geert Uytterhoeven
To: Iulia Manda
Cc: One Thousand Gnomes, Josh Triplett, Paul McKenney, Peter Zijlstra, Michal Hocko, Andrew Morton, "linux-kernel@vger.kernel.org", Serge Hallyn, Darren Hart, Tim Bird

Hi Iulia,

On Fri, Feb 6, 2015 at 2:10 PM, Iulia Manda wrote:
> On 6 February 2015 at 02:03, Iulia Manda wrote:
>> There are a lot of embedded systems that run most or all of their functionality
>> in init, running as root:root. For these systems, supporting multiple users is
>> not necessary.
>>
>> This patch adds a new symbol, CONFIG_MULTIUSER, that makes support for non-root
>> users, non-root groups, and capabilities optional. It is enabled under
>> CONFIG_EXPERT menu.
>>
>> When this symbol is not defined, UID and GID are zero in any possible case
>> and processes always have all capabilities.
>>
>> The following syscalls are compiled out: setuid, setregid, setgid,
>> setreuid, setresuid, getresuid, setresgid, getresgid, setgroups, getgroups,
>> setfsuid, setfsgid, capget, capset.
>>
>> Also, groups.c is compiled out completely.
>>
>> This change saves about 25 KB on a defconfig build.
>>
>> The kernel was booted in Qemu. All the common functionalities work. Adding
>> users/groups is not possible, failing with -ENOSYS.
>>
>> Bloat-o-meter output:
>> add/remove: 7/87 grow/shrink: 19/397 up/down: 1675/-26325 (-24650)
>>
>
> Forgot to add:
>
> Signed-off-by: Iulia Manda
> Reviewed-by: Josh Triplett
>
>> ---
>> Changes since v2:
>> - rename symbol;
>> - make SECURITY dependent on MULTIUSER
>>
>
> + make symbols depend on MULTIUSER instead of selecting it.

Thanks for the update!

Acked-by: Geert Uytterhoeven

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds