[OpenAFS] aklog -setpag results in empty pag in RHEL5, openafs 1.4.11 - keyring gets destroyed
Simon Wilkinson
sxw@inf.ed.ac.uk
Fri, 5 Feb 2010 18:08:20 +0100
On 5 Feb 2010, at 14:23, Rainer Toebbicke wrote:
> aklog -setpag does not work as expected under Openafs 1.4.11, under =
RHEL 5.
Basically, we've not supported changing the PAG of your parent on Linux =
for a while now. There's no easy way of fiddling with the group =
membership of the parent process without breaking loads of locking =
assumptions, or using things that we aren't allowed to have access to. =
Hence the warning in the manpage. That said, we haven't consciously set =
out to break it either, so if this is something that works in 1.4.x, but =
not in 1.4.11, and is unrelated to a kernel version change, I'd be =
interested to hear more about it.
In 1.4.x, PAG membership is still determined by a processes group list =
(in 1.5.x, we use the keyring as the only source of PAG information) - =
so the existence or not of a keyring shouldn't be a problem. However, it =
does occur to me that we are now using keyrings for PAG garbage =
collection - as walking the process table ceased being an option. It's =
possible that what's happening is that we are, through some fluke, =
succeeding in changing the parent's group ID. However, we can't (on =
kernels of RHEL5 vintage) set the keyring of the parent safely. So only =
the child has a keyring containing that PAG. When the child dies, the =
keyring's reference count hits 0, and so it is garbage collected. This =
triggers garbage collection of the associated tokens, and so the parent =
loses out.
I can't think of any easy way to solve this, though, beyond reiterating =
"-setpag isn't supported on Linux". Ideas are welcome.
Cheers,
Simon.