Date: Thu, 10 Feb 2000 21:25:49 -0500
From: willy@thepuffingroup.com
On Thu, Feb 10, 2000 at 08:13:42PM +0000, Matthew Kirkwood wrote:
> On Thu, 10 Feb 2000, Chris Evans wrote:
> > We will have filesystem support soon.
>
> I see no evidence of that.
We discussed this briefly last weekend. We _think_ we need to take the
ext2 inode size up to 256 bytes anyway, which has its own associated
problems. I'm not at all sure this will happen in time to get merged
into even a later 2.4.
Ted, one thing we didn't discuss was handling capabilities in much the
same way as you proposed for ACLs --- a large number of programs want
very similar capability sets. What do you think? If we did that, we
could get away with using just 32 bits in the inode for capabilities.
We should be very sure this is the right thing to do before doing
it though. One thing the capabilities people could help us with is by
saying whether they are willing to restrict themselves to 32 capabilities
for ever or whether they think they will need more (and if so, how many?
Is there a realistic upper bound?).
Well, there are exactly two 32 bit fields left in the inode, without
expanding the inode. (Well, two and a half; there's also a 16 bit field
we could use.) The POSIX capaibilities need two bit fields, for the
"allowed" and "forced set. If we can restrict the capaibility field
width to 32 bits, we could just use those bits and be done with it.
The other approach takes more work, in that you instead use one of the
32 bit fields to contain a pointer to a "resource" block. This would
allow for essentially arbitrary length capability sets.
Neither is "really hard", although the sticking with 32-bit capabilities
is definitely easier, and could probably be implemented sooner. One of
the reasons why I hadn't pushed on this much harder has been that it
wasn't clear to me there was a huge constiuency willing to use
capabilities. The very large configuration and management issue with
capabilities has cocnerned me, and so the lack of someone strong really
wanting to push this caused me to not treat it with a high priority. If
someone is willing to be the champion for getting fs support for
capabilities (and we silling to handle finding people to write the user
mode utilities, et. al.), it could happen. Maybe (probably) not for
2.4, since it's so late in the cycle, but it could definitely happen.
- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:19 EST