[OpenAFS-devel] Google Summer of Code Student Introduction
David Howells
dhowells@redhat.com
Tue, 22 Apr 2008 18:35:11 +0100
Harald Barth <haba@kth.se> wrote:
> > >>> current->security = PAG2SEC(pagnum);
> > pagnum++;
> > return 0;
> > }
> >
> > You cannot do that!
>
> As you see, it could. You might be able to do it better, so be my
> guest. The code is GPL:ed.
Let me rephrase: obviously you _can_ do that, but that will probably kill any
system that wants to use certain security features, such as SELinux.
task_struct::security is an LSM feature you may not use unless you're an LSM.
By doing what you're doing, you restrict where Arla can be used at best, and
can introduce strange malfunctions at worst.
> This is from the times when the AFS community tried very hard to explain to
> the Linux kernel community what a PAG is. I suppose you can find an email
> archive to freshen your mind.
I know what a PAG is; at least, I think I do. However, others refuse to have
them in the kernel as concepts. I have actually tried to get them added, but
to no avail. keyrings came out of the last attempt to do that. OpenAFS can
use a key to track the PAG.
David