[OpenAFS] Removing the ability to change the PAG of the parent

[Simon Wilkinson]

We're currently (on opeanfs-devel) discussing a new mechanism for  
storing tokens in the kernel - this new mechanism is required to  
support new security layers such as rxgk and rxk5. There have been a  
significant number of posters advocating removing the 'change the PAG  
of my parent' feature, which is used by aklog -setpag, amongst others.  
A process would still be able to change its own PAG.

There are numerous technical reasons for wanting to make this change.  
This functionality is very difficult to implement in a cross-platform  
manner, without exposing ourselves to all sorts of kernel races. On  
some platforms (such as Linux) it works on some kernel versions, but  
not on others. Things would be made considerably easier if this  
feature went away.

Based on current developer feedback, I'm planning on removing the  
setpag functionality from the new interface. However, before making  
the final decision, I'm very interested in hearing the views of  
deployers and end users? How many of you rely on aklog -setpag? How  
difficult would things be for you if it went away in some future major  
release [*]?

Thanks,

Simon

[*] Whilst I can't commented for the gatekeepers, I'd imagine that  
this kind of thing would only change with a major release hike, and  
certainly not before 1.8 given the current release plans.