[OpenAFS-devel] keyring/pag support for linux
Jeffrey Hutzelman
jhutz@cmu.edu
Thu, 20 Jul 2006 17:48:13 -0400

On Thursday, July 20, 2006 08:42:24 AM +0100 Simon Wilkinson
<sxw@inf.ed.ac.uk> wrote:
>
> On 20 Jul 2006, at 04:39, Ken Hornstein wrote:
>
>>>> If we do nothing, there will be no pags in the linux client.
>>>
>>> People have been saying that for years; it hasn't happened yet.
>>> How about less alarmism and more good engineering practice?
>>
>> Actually, you're wrong there. I believe it's Linux amd64 systems that
>> make the system call table readonly. Those systems don't have pags
>> (maybe it's not amd64, but whatever it is, we have one of them).

I'm not wrong; recent versions of Linux have the option of making certain
things read-only, but do not have that feature enabled by default. Even on
systems where CONFIG_DEBUG_RODATA is disabled, you get PAGs; they just
don't survive setgroups. We could work around this; we've simply chosen
not to, for now.

> With RedHat, this is true for all kernels that ship with FC5 (and
> perhaps FC4, I haven't checked). There is a workaround, for i386 at
> least, of rebuilding the kernel with CONFIG_DEBUG_RODATA disabled.

Or not using RedHat's kernels at all, which is what we've done ~forever.