Re: [patch 0/2] Tmpfs acls

[Andreas Gruenbacher]

On Monday 09 January 2006 00:34, Matthew Garrett wrote:
> Andreas Gruenbacher <agruen@xxxxxxx> wrote:
> > This is an update of the tmpfs acl patches against 2.6.15-git4. (The
> > first version of these patches was posted on 2 February 2005.) We'll
> > have our /dev tree on tmpfs in the future, and we need acls there to
> > manage device inode permissions of logged-in users. Other distributions
> > will be in exactly the same situation, and need this patchset as well.
>
> Hmm. Do you have any infrastructure for revoking open file descriptors
> when a user logs out?

Open file descriptors have nothing to do with it. The device permissions are 
set by different pam modules on different distributions (pam_console, 
pam_resmgr).

Without acls, permissions are assigned by changing file ownership. With acls, 
the respective user or users can be given access as appropriate, which is 
more flexible. There are a few cases in which it is desirable to grant access 
to a device to more than one locally logged in user. This also obsoletes the 
resmgr hack of passing around open file descriptors and several hacks in 
applications that use this mechanism, because permissions can be set as 
appropriate.

Andreas
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/