Alan, Thanks! This validates my assumptions. :-) Jeff Alan Cox wrote: > > > M2FS and am sticking to a user space daemon instead for the remote file > > system server -- the entire security model in Linux appears to be > > tightly integrated with the user space networking support, so for Linux > > Thats not the case, a kernel thread can change its current->fsuid/euid/uid > and groups at will directly. It can also map the kernel as its > user space. > > > I am focusing there since the normal features provided by hosts.deny, > > hosts.allow, etc. are all at this level and it seems pretty dumb to > > attempt to circumvent them. The M2FS file system driver is in kernel, > > and I've instrumented it to look a lot like NCPFS and NBD, with the > > exception that I issue a ->connect() request from the driver instead of > > passing a sockets handle down from user space like NCPFS and NBD do > > today, which seems to work OK. > > That makes sense. It also means its easier to make the fs driver multi > protocol > > > assuming that the mapping of services names, like smptd and pop3d for > > example to ports 25 and 110 is controlled from this file. What's messy > > Yes - its basically from the IP assigned numbers rfcs + local extras + > other protocols if you have things like appletalk in use > > > the whole /etc/rc.d/init.d scripts startup layout is fairly close to > > what's in Caldera Open Linux. Apart from putting a script in > > /etc/rc.d/init.d to start the daemon and updating the /etc/services file > > with the port mappings, are there any other "gotcha's" related to > > current RedHat releases > > Not major ones. The init.d script can also contain a chkconfig entry so that > your rpm when you install it also sets up the script to be run at some runlevels > > The differences in rc.d/init.d stuff are one of the things the LSB is busy > standardising. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/
