Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S263390AbTEIUHT (ORCPT ); Fri, 9 May 2003 16:07:19 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S263427AbTEIUHT (ORCPT ); Fri, 9 May 2003 16:07:19 -0400 Received: from 237.oncolt.com ([213.86.99.237]:28664 "EHLO warthog.warthog") by vger.kernel.org with ESMTP id S263390AbTEIUHR (ORCPT ); Fri, 9 May 2003 16:07:17 -0400 To: Derrick J Brashear cc: David Howells , openafs-devel@openafs.org, linux-kernel@vger.kernel.org Subject: Re: Adding an "acceptable" interface to the Linux kernel for AFS In-Reply-To: User-Agent: EMH/1.14.1 SEMI/1.14.4 (Hosorogi) FLIM/1.14.4 (=?ISO-8859-4?Q?Kashiharajing=FE-mae?=) APEL/10.4 Emacs/21.2 (i386-redhat-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.4 - "Hosorogi") Content-Type: text/plain; charset=US-ASCII Date: Fri, 09 May 2003 21:19:42 +0100 Message-ID: <3043.1052511582@warthog.warthog> From: David Howells Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1904 Lines: 48 Hi Derrick, > There are valid reasons to allow a PAG to be specified, but only with > priviledge. e.g. user mode protocol translator (afs to nfs) I suppose I can do that... I can add a hook to the security framework or add a an extra capability to allow a finer degree of control. Perhaps: newpag() <--- new PAG setpag(0) <--- no PAG setpag(>0) <--- join PAG if permitted > > I suppose I could give both the PAG and the user lists, and search the PAG > > first, then the user, but what detemines the user? The PAG, the opener of a > > file or the current process? > > The uid of the current process. Again, if you're in a PAG you don't get > uid tokens. You could create 2 PAG number spaces, 1 using uid > and one sequential alloc, but then you need more management I guess (or to > assume kernel code will be able to provide hooks for accepting tokens > regardless of PAG and just let people who care deal in their code) Getting the per-user PAG data from the current process becomes a little trickier when worker kernel threads become involved:-/ Maybe each user_struct should _also_ have a normal PAG associated with it. Asking for "no PAG" joins the calling process into its owner user's PAG. Then you only need one number space... However, doing this would affect authentication tokens for every FS that stored them in this way, not just AFS (Samba for instance). > > I don't have documentation on VIOCPREFETCH, but if it's anything like the > > other two, then it shouldn't be a problem either. > > Takes a path to attempt to prefetch as a text string. I take it that "prefetch" means try and fetch the entire file into the cache? David - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/