[OpenAFS-devel] 1.4.2rc1 fails on RHEL4 2.6.9 kernel: missing keyring defines?

chas williams - CONTRACTOR chas@cmf.nrl.navy.mil
Thu, 24 Aug 2006 10:42:25 -0400


In message <44EDB4CC.6090607@secure-endpoints.com>,Jeffrey Altman writes:
>What level of implementation is required before the keyring will
>actually work for us?
>
>Perhaps the test needs to be not only the existence of key.h but also
>the definition of KEY_POS_VIEW and KEY_POS_SEARCH.

that i dont know.  the comments that went along with the the possessor
changes say:

    [PATCH] Keys: Add possessor permissions to keys [try #3]
    
    The attached patch adds extra permission grants to keys for the possessor of a
    key in addition to the owner, group and other permissions bits. This makes
    SUID binaries easier to support without going as far as labelling keys and key
    targets using the LSM facilities.

so there might be problems with using the key if you are not the owner
of the key (and not root).  so if you su to nobody you wont be able to
use the key since you would need "other" permissions but are in posession
of the key.  atleast this is my take on the reason keys now have 
possessor permissions.  so pags would be functional but have a slightly
restricted functionality.

but yes, the changes should be tested, but i dont have access to a rhel4 to
do it myself.