[PATCH] 3.3-3.14: access permission filesystem

2014-05-11 Thread Olaf Dietsche
I finally came around updating the accessfs module to Linux 3.14. This patch adds a new permission managing file system. Furthermore, it adds two modules, which make use of this file system. One module allows granting capabilities based on user-/groupid. The second module allows to grant access t

Re: [PATCH] 3.8: access permission filesystem

2014-03-19 Thread Olaf Dietsche
ebied...@xmission.com (Eric W. Biederman) writes: > Olaf Dietsche writes: > >> I am in the process of catching up with the last two years or so. >> Right now, I am at the changes involving user namespaces. >> >> I have two possible implementations, both worki

[PATCH] 3.8: access permission filesystem

2014-03-19 Thread Olaf Dietsche
I am in the process of catching up with the last two years or so. Right now, I am at the changes involving user namespaces. I have two possible implementations, both working equally well in a shared environment. Since I am not familiar with namespaces in general and user namespaces in particular,

[PATCH] 2.6.24: access permission filesystem 0.20

2008-02-03 Thread Olaf Dietsche
This patch adds a new permission managing file system. Furthermore, it adds two modules, which make use of this file system. One module allows granting capabilities based on user-/groupid. The second module allows to grant access to lower numbered ports based on user-/groupid, too. Changes: - upd

Re: Make the 32 bit Frame Pointer backtracer fall back to traditional

2008-01-11 Thread Olaf Dietsche
Arjan van de Ven <[EMAIL PROTECTED]> writes: > I coded it, it's not all that bad, the output looks like: > > Pid: 0, comm: swapper Not tainted 2.6.24-rc7 #17 > [] show_trace_log_lvl+0x1a/0x2f > [] show_trace+0x12/0x14 > [] dump_stack+0x6a/0x70 > [] backtrace_test_timer+0x23/0x25 [backtracete

Re: [PATCH] 2.6.23: Filesystem capabilities 0.17

2007-11-07 Thread Olaf Dietsche
Jan Kara <[EMAIL PROTECTED]> writes: > On Thu 01-11-07 23:22:51, Olaf Dietsche wrote: >> >> The bits are stored in a sparse file named /.capabilities in the >> directory of the mount point, where the corresponding executable >> lives. The inode number of the

Re: [PATCH] 2.6.23: Filesystem capabilities 0.17

2007-11-02 Thread Olaf Dietsche
Casey Schaufler <[EMAIL PROTECTED]> writes: > --- Olaf Dietsche <[EMAIL PROTECTED]> wrote: > >> The bits are stored in a sparse file named /.capabilities in the >> directory of the mount point, where the corresponding executable >> lives. The inode number of

Re: [PATCH] 2.6.23: Filesystem capabilities 0.17

2007-11-01 Thread Olaf Dietsche
Jan Kara <[EMAIL PROTECTED]> writes: > On Thu 01-11-07 20:49:32, Olaf Dietsche wrote: >> Jan Kara <[EMAIL PROTECTED]> writes: >> >> >> This patch implements filesystem capabilities. It allows to >> >> run privileged executables without the ne

Re: [PATCH] 2.6.23: Filesystem capabilities 0.17

2007-11-01 Thread Olaf Dietsche
"Serge E. Hallyn" <[EMAIL PROTECTED]> writes: > Quoting Olaf Dietsche ([EMAIL PROTECTED]): >> This patch implements filesystem capabilities. It allows to >> run privileged executables without the need for suid root. >> >> Changes: >> - upda

Re: [PATCH] 2.6.23: Filesystem capabilities 0.17

2007-11-01 Thread Olaf Dietsche
Jan Kara <[EMAIL PROTECTED]> writes: >> This patch implements filesystem capabilities. It allows to >> run privileged executables without the need for suid root. > Hmm, is there some "design document" so that one does not have to poke > through the code and find out what it's actually trying to

[PATCH] 2.6.23: Filesystem capabilities 0.17

2007-10-26 Thread Olaf Dietsche
(ATTR_KILL_SUID | ATTR_KILL_SGID)) + fscap_drop(inode); + fsnotify_change(dentry, ia_valid); + } return error; } diff --git a/fs/fscaps.c b/fs/fscaps.c new file mode 100644 index 000..5bb5c00 --- /dev/null +++ b/fs/fscaps.c @@ -0,0 +1,318 @@ +/* + * Copyright (c) 20

[PATCH] 2.6.23: access permission filesystem 0.20

2007-10-26 Thread Olaf Dietsche
ABILITIES) += usercaps.o +obj-$(CONFIG_ACCESSFS_USER_PORTS) += userports.o + +accessfs-objs := inode.o +usercaps-objs := capabilities.o +userports-objs := ip.o diff --git a/fs/accessfs/capabilities.c b/fs/accessfs/capabilities.c new file mode 100644 index 000..deaec8f --- /dev/null +++ b/fs/accessfs/ca

Re: [2.6.22-rc3][ACPI?] Resume from s2r doesn't work.

2007-06-15 Thread Olaf Dietsche
Pavel Machek <[EMAIL PROTECTED]> writes: > noapic/nolapic will not help with video issue. try s2ram from > suspend.sf.net. I already tried s2ram, no improvement so far. Regards, Olaf. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PRO

Re: [2.6.22-rc3][ACPI?] Resume from s2r doesn't work.

2007-06-13 Thread Olaf Dietsche
Pavel Machek <[EMAIL PROTECTED]> writes: >> resume from suspend to ram doesn't work for my laptop and never >> has. So, this is not a regression. [...] > Beeping patch? It is in -mm now. noapic nolapic and nosmp are useful, > too. With the proprietary nvidia module, the laptop resumes, but the sc

Re: [2.6.22-rc3][ACPI?] Resume from s2r doesn't work.

2007-06-08 Thread Olaf Dietsche
Olaf Dietsche <[EMAIL PROTECTED]> writes: > I installed the nvidia.ko (1.0-9755) kernel module and now the machine > comes back to life. Although the screen stays black as before, I can > type blindly "shutdown -r now" or ssh into the laptop. Here's an update: w

Re: [2.6.22-rc3][ACPI?] Resume from s2r doesn't work.

2007-06-07 Thread Olaf Dietsche
Pavel Machek <[EMAIL PROTECTED]> writes: >> But either way the script never reaches "shutdown -rn now". So, it >> seems, that my laptop does a full resume every other reboot, but it >> never returns to userspace. > > But it returns to kernel... can you use more trace points to figure > out where i

Re: [2.6.22-rc3][ACPI?] Resume from s2r doesn't work.

2007-06-07 Thread Olaf Dietsche
"Rafael J. Wysocki" <[EMAIL PROTECTED]> writes: > You may try to use 's2ram --force --vbe_post --vbe_mode', if you haven't tried > that already. Unfortunately, this doesn't work either. > Still, if the card is a 7300 or higher, that need not work (at present we > don't > know what magic is requ

Re: [2.6.22-rc3][ACPI?] Resume from s2r doesn't work.

2007-06-04 Thread Olaf Dietsche
"Rafael J. Wysocki" <[EMAIL PROTECTED]> writes: > On Sunday, 3 June 2007 23:20, Olaf Dietsche wrote: > >> But either way the script never reaches "shutdown -rn now". So, it >> seems, that my laptop does a full resume every other reboot, but it

Re: [2.6.22-rc3][ACPI?] Resume from s2r doesn't work.

2007-06-03 Thread Olaf Dietsche
"Rafael J. Wysocki" <[EMAIL PROTECTED]> writes: > Second, you can use PM_TRACE (Documentation/power/s2ram.txt) to find the > place where it really fails. First I augmented my minimal config kernel with some TRACE_RESUME()s: --- a/kernel/power/main.c 2007-05-27 23:48:05.0 +0200 +++

Re: [2.6.22-rc3][ACPI?] Resume from s2r doesn't work.

2007-06-01 Thread Olaf Dietsche
"Rafael J. Wysocki" <[EMAIL PROTECTED]> writes: > On Friday, 1 June 2007 23:12, Olaf Dietsche wrote: >> "Rafael J. Wysocki" <[EMAIL PROTECTED]> writes: >> >> > On Friday, 1 June 2007 22:27, Olaf Dietsche wrote: >> >> Wh

Re: [2.6.22-rc3][ACPI?] Resume from s2r doesn't work.

2007-06-01 Thread Olaf Dietsche
"Rafael J. Wysocki" <[EMAIL PROTECTED]> writes: > On Friday, 1 June 2007 22:27, Olaf Dietsche wrote: >> When I resume, everything seems to come up (fan becomes busy, disk and >> dvd spin up for a short time), > > Hmm, what about the screen? When the laptop i

[2.6.22-rc3][ACPI?] Resume from s2r doesn't work.

2007-06-01 Thread Olaf Dietsche
Hi, resume from suspend to ram doesn't work for my laptop and never has. So, this is not a regression. Hibernate (aka suspend to disk) works, however. When I resume, everything seems to come up (fan becomes busy, disk and dvd spin up for a short time), but the machine is not responding to anythi

Re: kobject_add unreachable code

2006-12-29 Thread Olaf Dietsche
Martin Stoilov <[EMAIL PROTECTED]> writes: > Martin Stoilov wrote: >> Olaf Dietsche wrote: >> >>> Martin Stoilov <[EMAIL PROTECTED]> writes: >>> >>> >>> >>>> The following code in kobject_add >>>>

Re: kobject_add unreachable code

2006-12-29 Thread Olaf Dietsche
Martin Stoilov <[EMAIL PROTECTED]> writes: > The following code in kobject_add > if (!kobj->k_name) > kobj->k_name = kobj->name; > if (!kobj->k_name) { > pr_debug("kobject attempted to be registered with no name!\n"); > WARN_ON(1); > return -EINVAL; > }

[PATCH] 2.6.19: access permission filesystem 0.19

2006-12-03 Thread Olaf Dietsche
This patch adds a new permission managing file system. Furthermore, it adds two modules, which make use of this file system. One module allows granting capabilities based on user-/groupid. The second module allows to grant access to lower numbered ports based on user-/groupid, too. Changes: - upd

[PATCH] 2.6.19: Filesystem capabilities 0.16

2006-12-03 Thread Olaf Dietsche
This patch implements filesystem capabilities. It allows to run privileged executables without the need for suid root. Changes: - updated to 2.6.19 This patch is available at: Regards, Olaf.

Re: [PATCH] 2.6.13: Filesystem capabilities 0.16

2005-09-03 Thread Olaf Dietsche
[EMAIL PROTECTED] writes: > Or, has there been any communication between yourself and > Nicholas Hans Simmonds, who posted his xattr-based fscaps > patch in july (first posting july 2)? Short answer: no. I'm just keeping this patch up to date for myself and those interested (if any ;-). Regards,

Re: [PATCH] 2.6.13: Filesystem capabilities 0.16

2005-09-03 Thread Olaf Dietsche
Nix <[EMAIL PROTECTED]> writes: > On 1 Sep 2005, Olaf Dietsche murmured woefully: >> This patch implements filesystem capabilities. It allows to run >> privileged executables without the need for suid root. > > Is there some reason why this doesn't keep its capa

[PATCH] 2.6.13: access permission filesystem 0.17

2005-09-01 Thread Olaf Dietsche
This patch adds a new permission managing file system. Furthermore, it adds two modules, which make use of this file system. One module allows granting capabilities based on user-/groupid. The second module allows to grant access to lower numbered ports based on user-/groupid, too. Changes: - upd

[PATCH] 2.6.13: Filesystem capabilities 0.16

2005-09-01 Thread Olaf Dietsche
This patch implements filesystem capabilities. It allows to run privileged executables without the need for suid root. Changes: - updated to 2.6.13 This patch is available at: Regards, Olaf.

Re: Why build empty object files in drivers/media?

2005-07-22 Thread Olaf Dietsche
Sam Ravnborg <[EMAIL PROTECTED]> writes: > +obj-$(CONFIG_VIDEO_DEV) := video/ > +obj-$(CONFIG_VIDEO_DEV) := radio/ s/VIDEO/RADIO/ Regards, Olaf.

Re: [PATCH] Reduce stack usage in acct.c

2005-04-03 Thread Olaf Dietsche
Yum Rayan <[EMAIL PROTECTED]> writes: > Attempt to reduce stack usage in acct.c (linux-2.6.12-rc1-mm3). Stack > usage was noted using checkstack.pl. Specifically: > > Before patch > > check_free_space - 128 > > After patch > --- > check_free_space - 36 > > Signed-off-by: Yum R

Re: Capabilities across execve

2005-03-18 Thread Olaf Dietsche
Chris Wright <[EMAIL PROTECTED]> writes: > * Alexander Nyberg ([EMAIL PROTECTED]) wrote: >> I can see useful scenarios of having the possibility of capabilities per >> inode (it appears the xattr way wins somewhat in the previous >> discussion). > > It's how it should be done. I agree to disagree

Re: 2.6.11-rc3-mm2

2005-02-12 Thread Olaf Dietsche
Christoph Hellwig <[EMAIL PROTECTED]> writes: > On Thu, Feb 10, 2005 at 02:35:08AM -0800, Andrew Morton wrote: >> >> - Added the mlock and !SCHED_OTHER Linux Security Module for the audio guys. >> It seems that nothing else is going to come along and this is completely >> encapsulated. > > Ev

Re: How to read file in kernel module?

2005-02-07 Thread Olaf Dietsche
linux lover <[EMAIL PROTECTED]> writes: > Now what i want is to use same bufproc_read & > bufproc_write functions defined in /proc file > handling kernel module to be used in another kernel > module to read that /proc/file in kernel module.The > second kernel module only used to read /proc file i

Re: [RFC] Linux Kernel Subversion Howto

2005-02-04 Thread Olaf Dietsche
Stelian Pop <[EMAIL PROTECTED]> writes: > I must test this...), plus 600 MB per working copy. If you use svk for the client side, there's (almost?) no overhead. Regards, Olaf.

Re: linux capabilities ?

2005-01-21 Thread Olaf Dietsche
jnf <[EMAIL PROTECTED]> writes: > Thank you, when I get a second I will take a look through it. I've already > written a couple programs to set/get capabilities, so I am aware of the > interface/api, it was just that even with the capabilities it was not > working ;] > Either way I will take a loo

Re: [OT] Interrupting select.

2001-05-04 Thread Olaf Dietsche
Hi, "Peter T. Breuer" <[EMAIL PROTECTED]> writes: > "A month of sundays ago Alan Cox wrote:" > > > What IS the magic combination that makes select interruptible > > > by honest-to-goodness non-blocked signals! > > man > > > > [seriously man sigaction] > > Equally seriously .. all signals are u

Re: gcc-2.95.2-51 is buggy

2000-11-26 Thread Olaf Dietsche
Rik van Riel <[EMAIL PROTECTED]> writes: > On Sat, 25 Nov 2000, Andries Brouwer wrote: > > On Sat, Nov 25, 2000 at 03:26:15PM -0200, Rik van Riel wrote: > > > > > The gcc-2.95.2-6cl from Conectiva 6.0 is buggy too. > > > > Yes. Probably you have seen it by now, but the difference between > > go