Daniel Phillips <[EMAIL PROTECTED]> wrote:
>
> This filesystem-specific flag needs to be prevented from escaping into other
> subsystems that might interact, such as VM. The current usage is mainly
> for directories, except for Reiser4, which uses it for journalling
> ..
> + SetPageMiscFS(pa
Daniel Phillips <[EMAIL PROTECTED]> wrote:
> Note: I have not fully audited the NFS-related colliding use of page flags
> bit 8,
Nor will you be able to until the NFS caching patches are released.
> to verify that it really does not escape into VFS or MM from NFS, in fact I
> have misgivings abo
Trond Myklebust <[EMAIL PROTECTED]> wrote:
> > http://marc.theaimsgroup.com/?l=linux-kernel&m=112368417412580&w=2
>
> Oh. You are talking about CacheFS? That hasn't been declared "ready to
> merge" yet.
I can probably put out FS-Cache now, and the patches for kAFS and NFS to use
it. CacheFS is t
Adrian Bunk <[EMAIL PROTECTED]> wrote:
> Since this was done only for CacheFS, and Andrew dropped CacheFS from
> -mm he could drop this patch as well.
I asked him not to. Somewhat at his instigation, I requested that he drop the
filesystem caching patches for the moment. I'm updating them and th
Daniel Phillips <[EMAIL PROTECTED]> wrote:
> To be honest I'm having some trouble following this through logically. I'll
> read through a few more times and see if that fixes the problem. This seems
> cluster-related, so I have an interest.
Well, perhaps I can explain the function for which I'm
Christoph Hellwig <[EMAIL PROTECTED]> wrote:
> David, is that more than a debugging aid? I'm trying to get rid of
> tasklist_lock users and this one looks really suspicios..
Yes. The FR451 CPU (the only one with an MMU at the moment) has accounting and
profiling aids that are enabled by the con
Daniel Phillips <[EMAIL PROTECTED]> wrote:
> > I know you want to ruthlessly trim out anything that isn't used, but please
> > be patient:-)
>
> Are you sure CacheFS is even the right way to do client-side caching?
It's just one way. See the attached document for how it works.
> What is wrong w
Daniel Phillips <[EMAIL PROTECTED]> wrote:
> You also achieved some sort of new low point in the abuse of StudlyCaps
> there. Please, let's not get started on mixed case acronyms.
My patch has been around for quite a while, and no-one else has complained,
not even you before this point. Plus, yo
Daniel Phillips <[EMAIL PROTECTED]> wrote:
> > Now we already do this at one level: RAM. The page cache _is_ such a cache,
> > but whilst it's much faster than a disk, it is severely restricted in size
>
> Did you just suggest that 16 TB/address_space is too small to cache NFS pages?
No. I meant
Daniel Phillips <[EMAIL PROTECTED]> wrote:
> > I want to know when a page is going to be modified so that I
> > can predict the state of the cache as much as possible. I don't want
> > userspace processes corrupting the cache in unrecorded ways.
>
> There are two cases:
>
> 1) Metadata. If a
semaphores, see the
attached module. It tests both semaphores (as mutexes) and rw-semaphores.
David
/* rwsem-any.c: run some threads to do R/W semaphore tests
*
* Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
* Written by David Howells ([EMAIL PROTECTED])
*
* This program is free softw
Blaisorblade <[EMAIL PROTECTED]> wrote:
> Ok, a grep shows that possible culprits (i.e. giving success to
> grep GENERIC_HARDIRQS arch/*/Kconfig, and using 0x400 as PREEMPT_ACTIVE,
> as given by grep PREEMPT_ACTIVE include/asm-*/thread_info.h) are (at a first
> glance): frv, sh, sh64.
For F
The attached patch makes the keyring functions calculate the new size of a
keyring's payload based on the size of pointer to the key struct, not the size
of the key struct itself.
Signed-Off-By: David Howells <[EMAIL PROTECTED]>
---
warthog>diffstat -p1 ../keys-2612mm1.diff
The attached patch makes the argument to this printk in
calibrate_migration_costs() always long to match the format string.
Signed-Off-By: David Howells <[EMAIL PROTECTED]>
---
warthog>diffstat -p1 format-arg-size-2612mm1-10.diff
kernel/sched.c |2 +-
1 files changed, 1 insert
caller holds the lock, thus making oops
reports "atomic".
Signed-Off-By: David Howells <[EMAIL PROTECTED]>
---
diff -uNrp linux-2.6.12-mm1/kernel/printk.c
linux-2.6.12-mm1-cachefs-wander/kernel/printk.c
--- linux-2.6.12-mm1/kernel/printk.c2005-06-22 13:54:08.0 +0100
Andrew Morton <[EMAIL PROTECTED]> wrote:
> hm, I guess it adds a theoretical deadlock if some other CPU is in the
> middle of printk and is trying to take some_lock and this CPU takes an oops
> while holding some_lock. Probably that's an acceptable tradeoff though.
What it perhaps needs is a max
caller holds the lock, thus making oops
reports "atomic".
Signed-Off-By: David Howells <[EMAIL PROTECTED]>
---
warthog>diffstat -p1 ../printk-smp-2613rc2mm1-2.diff
kernel/printk.c | 15 +--
1 files changed, 13 insertions(+), 2 deletions(-)
diff -uNrp linux-2.
Hi Steve,
Someone's finally waved this discussion in my direction.
> Still puzzled about what could have been fixed in user space since this
> appears to affect more than one shell. Module loading appears to be
> very synchronous, so unless the shell was not waiting for exit status
> on children
o the destination keyring if one is
supplied.
The wrong macro was being used to test for an error condition: PTR_ERR()
will always return true, whether or not there's an error; this should've
been IS_ERR().
Signed-Off-By: David Howells <[EMAIL PROTECTED]>
---
Pavel Machek <[EMAIL PROTECTED]> wrote:
> > My patch has been around for quite a while, and no-one else has
> > complained, not even you before this point. Plus, you don't seem to be
> > complaining about PageSwapCache... nor even PageLocked.
>
> PageFsMisc really *is* ugly and hard to read. Page
Pavel Machek <[EMAIL PROTECTED]> wrote:
> > I disagree again. I don't think PageFsMisc() is particularly ugly or
> > unreadable; and it makes it a touch more likely that someone reading code
> > that uses it will notice that it's a miscellaneous flag specifically for
> > filesystem use (you can't
Daniel Phillips <[EMAIL PROTECTED]> wrote:
> Biased. Fs is a mixed case acronym, nuff said.
But I'm still right:-)
David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordo
Rik van Riel <[EMAIL PROTECTED]> wrote:
> Here is an incremental fix to the add-sem_is_read-write_locked
> patch in -mm. Also attached is a full version of that file,
> which can just be dropped into place - I've verified that none
> of the patches in your stack get rejects.
The comment attached
OFS error handling
From: David Howells <[EMAIL PROTECTED]>
Add some more fixes to ISOFS error handling on top of Al Viro's patch:
(1) Use IS_ERR() rather than ERR_PTR() to test for errors.
(2) Return the error from isofs_iget() in parse_rock_ridge_inode_internal().
(3) In iso
Al Viro <[EMAIL PROTECTED]> wrote:
> My apologies, should've had coffee before posting.
Me too, probably.
> FWIW, this patch pile is getting ridiculous - it's what, original + 2 fixes
> in -mm + mine + this one? Could you post the updated patch with all fixes
> and fixes to fixes folded into it
return an error code, and make isofs_iget() pass it on. Furthermore
isofs_iget() no longer ever returns NULL for situations where it used to, so
all the places that call it must use IS_ERR() to check its return value.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/isofs/ex
David Howells <[EMAIL PROTECTED]> wrote:
> return an error code, and make isofs_iget() pass it on. Furthermore
> isofs_iget() no longer ever returns NULL for situations where it used to, so
> all the places that call it must use IS_ERR() to check its return value.
Seems "s
Nick Piggin <[EMAIL PROTECTED]> wrote:
> No. I mean call the bit PG_private2. That way non-pagecache and
> filesystems that don't use fscache can use it.
The bit is called PG_owner_priv_2, and then 'subclassed' to PG_fscache, much
like PG_owner_priv_1 is 'subclassed' to PG_checked as was recommen
Sam Ravnborg <[EMAIL PROTECTED]> wrote:
> David - will you look into this?
Do you have a config?
David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Pleas
[arch/x86/kernel/smpboot_64.c]
void do_fork_idle(struct work_struct *work)
Needs labelling with __cpuinit.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
Label x86 do_fork_idle() with __cpuinit to avoid getting linker warnings when
it references fork_idle(). Also make it static.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
arch/x86/kernel/smpboot_64.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/ar
Nick Piggin <[EMAIL PROTECTED]> wrote:
> > Nick Piggin <[EMAIL PROTECTED]> wrote:
> > > No. I mean call the bit PG_private2. That way non-pagecache and
> > > filesystems that don't use fscache can use it.
> >
> > The bit is called PG_owner_priv_2, and then 'subclassed' to PG_fscache,
> > much like
still going to require that I duplicate read_cache_pages()? Or can
you accept that sharing is sufficient, especially if PG_private_2 now
exists?
David
---
FS-Cache: Recruit a couple of page flags for cache management
From: David Howells <[EMAIL PROTECTED]>
Recruit a couple
Okay. I can:
(1) Have cachefilesd (the daemon) pass a security context string to the
cachefiles kernel module, which can then convert it to a secID. It'll
require a security_secctx_to_secid() function, but I'm fairly certain I
have a patch to add such kicking around somewhere.
David Howells <[EMAIL PROTECTED]> wrote:
> Now, I recall the addition of another security class being mentioned, which
> presumably would give something like:
>
> avc_has_perm(daemon_tsec->sid, nominated_sid,
>SECCLASS_CACHE, CACHE__USE_AS_OVERR
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> Right, the latter is reasonable.
> Requires adding the class and permission definition to
> policy/flask/security_classes and policy/flask/access_vectors and then
> regenerating the kernel headers from those files, ala:
> svn co http://oss.tresys.com/
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> If you have a "SELinux: policy loaded with handle_unknown=allow"
> message in your /var/log/messages, then new classes/perms that are not
> yet known to the policy will be allowed by default, so the operation
> will be permitted by the kernel.
I don't
Chuck Lever <[EMAIL PROTECTED]> wrote:
> Why not use the fsid as well? The NFS client already uses the fsid to detect
> when it is crossing a server-side mount point.
Why use the FSID at all? The file handles are supposed to be unique per
server.
> I also note the inclusion of server IP addres
Chuck Lever <[EMAIL PROTECTED]> wrote:
> Why not encode the local mounted-on directory in the key?
Can't. Namespaces. chroot.
> Meaning your cache is at quota all the time, and to continue operation it must
> eject items constantly.
I've thought about that, thank you. Go and read the documen
Serge E. Hallyn <[EMAIL PROTECTED]> wrote:
> Could you resend patch 6?
As I said in the cover note:
A tarball of the patches is available at:
http://people.redhat.com/~dhowells/fscache/patches/nfs+fscache-25.tar.bz2
David
--
To unsubscribe from this list: send the line "unsubscribe l
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> > + tsec->create_sid = SECINITSID_UNLABELED;
> > + tsec->keycreate_sid = SECINITSID_UNLABELED;
> > + tsec->sockcreate_sid = SECINITSID_UNLABELED;
Cleared means what? Setting to 0? Or is there some other constant I should
use for that?
David
-
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> Otherwise, only other issue I have with this interface is it won't
> generalize to dealing with nfsd, where we want to set the acting context
> to a context we obtain from or determine based upon the client.
Are you speaking of security_kernel_act_as()
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> From a config file whose pathname would be provided by libselinux (ala
> the way in which dbusd imports contexts), or directly as a context
> returned by a libselinux function.
That sounds too SELinux specific. How do I do it so that it works for any
Casey Schaufler <[EMAIL PROTECTED]> wrote:
> That happens to me when interfaces are described in SELinux terms. I
> still don't care much for multiple contexts, and I don't have a good
> grasp of how you'll deal with Smack, or any LSM other than SELinux.
Me neither. I understand SELinux somewhat
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> > That sounds too SELinux specific. How do I do it so that it works for any
> > LSM?
>
> You can't. There is no LSM for userspace; LSM specifically disavowed
> any common userspace API, and that was one of our original
> objections/concerns about it.
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> All your code has to do is invoke a function provided by libselinux.
Calling libselinux means it's a special case for a specific LSM.
I think the best way to do this, then, has to be to dlopen the appropriate LSM
library. That way I don't need to do
Karl MacMillan <[EMAIL PROTECTED]> wrote:
> That's what I remember as well - I suggested the transition idea and
> then, after discussion, agreed that it wasn't the best approach.
Sigh.
Can you tell me then how to do it now? I don't know very much about using
SELinux userspace stuff libraries o
Casey Schaufler <[EMAIL PROTECTED]> wrote:
> You may need to have an application, say cachefileselinuxcontext, that will
> read the current policy and spit out an appropriate value of "",
> but that can be separate and LSM specific without mucking up your basic
> infrastructure applications.
What
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> That sounds workable, although I think he will want a more specific hook
> than security_secctx_to_secid(), or possibly a second hook call, that
> would not only validate the context but authorize the use of it by the
> cachefilesd process. And then th
Casey Schaufler <[EMAIL PROTECTED]> wrote:
> What sort of authorization are you thinking of? I would expect
> that to have been done by cachefileselinuxcontext (or
> cachefilesspiffylsmcontext) up in userspace. If you're going to
> rely on userspace applications for policy enforcement they need
>
Casey Schaufler <[EMAIL PROTECTED]> wrote:
> Put the result into /etc/cachefiles.conf.
Ewww. Runtime mangling of the configuration. I suppose it doesn't have to be
in that file with the rest of the config.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the
Casey Schaufler <[EMAIL PROTECTED]> wrote:
> Yes, but we're talking about writing the configuration information
> to the kernel, not actually making any access checks with it. I
> think. What I think we're talking about (and please correct me David
> if I've stepped into the wrong theatre) is gett
Casey Schaufler <[EMAIL PROTECTED]> wrote:
> > This fd selects the
> > particular cache context that a particular instance of a running daemon is
> > using.
>
> Yes, but forgive me being slow, I don't see the problem.
I mean that it's not particularly sensible to have an auxiliary interface (say
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> More likely, run it at build time in your .spec file to generate
> cachefiles.conf,
I don't think sticking it in cachefiles.conf is a good idea necessarily.
That has to be an administrator modifiable file. Is there a program I could
make cachefiles ru
Casey Schaufler <[EMAIL PROTECTED]> wrote:
> It would seem to me that security_secctx_to_secid() ought to suffice if the
> application code was written correctly.
That's not quite sufficient as there still needs to be a verification step to
make sure the caller is allowed to do this.
> Be aware
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> > Have you example code for the security hook you mention? I'm not sure I
> > understand why security_secctx_to_secid() is not sufficient.
>
> security_secctx_to_secid() would just validate and map a context string to a
> secid.
Validate as in check
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> It is just a way of carving up the permission space, typically based on
> object type, but it can essentially be arbitrary. The check in this
> case seems specific to cachefiles since it is controlling an operation
> on the /dev/cachefiles interface th
Stephen Smalley <[EMAIL PROTECTED]> wrote:
>
> Yes, we could easily make a simple program that just invokes a
> libselinux function that in turn grabs the proper context from some
> context configuration file under /etc/selinux/$SELINUXTYPE/contexts/ and
> outputs it. Dan can help with that.
Th
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> They would correspond with the operations provided by the /dev/cachefiles
> interface, at the granularity you want to support distinctions to be made.
Can this be made simpler by the fact that /dev/cachefiles has its own unique
label (cachefiles_dev_t)
Stephen Smalley <[EMAIL PROTECTED]> wrote:
> Do any of the interfaces allow a task to act on a cache other than one
> it has created?
No.
> How does the task identify the desired cache?
Each file descriptor opened creates one separate cache instance. Any commands
sent over that filedescriptor
FRV looks okay.
Acked-By: David Howells <[EMAIL PROTECTED]>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
These patches add local caching for network filesystems such as NFS.
The patches can roughly be broken down into a number of sets:
(*) 01-keys-inc-payload.diff
(*) 02-keys-search-keyring.diff
(*) 03-keys-callout-blob.diff
Three patches to the keyring code made to help the CIFS peop
igned-off-by: David Howells <[EMAIL PROTECTED]>
---
security/keys/keyctl.c | 38 ++
1 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index d9ca15c..8ec8432 100644
--- a/security/keys/key
()
request_key_async()
request_key_async_with_auxdata()
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
Documentation/keys-request-key.txt | 11 +---
Documentation/keys.txt | 14 +++---
include/linux/key.h|9 ---
security/keys/inte
is given and
2) check whether that top-level keyring is the thing being searched for
Signed-off-by: Kevin Coffman <[EMAIL PROTECTED]>
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
security/keys/keyring.c | 35 +++
1 files changed, 31 insert
Change current->fs[ug]id to current_fs[ug]id() so that fsgid and fsuid can be
separated from the task_struct.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
arch/ia64/kernel/perfmon.c|4 ++--
arch/powerpc/platforms/cell/spufs/inode.c |4 ++--
drivers/
secid_to_secctx() LSM hook. This patch also includes the SELinux
implementation for this hook.
Signed-off-by: Paul Moore <[EMAIL PROTECTED]>
Acked-by: Stephen Smalley <[EMAIL PROTECTED]>
---
include/linux/security.h | 13 +
security/dummy.c |6 ++
security/security
must have view permission on the key for this function to be
successful.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
Acked-by: Stephen Smalley <[EMAIL PROTECTED]>
---
Documentation/keys.txt | 21 +++
include/linux/keyctl.h |1 +
include/linux/security.h |
Pre-add additional non-caching classes that are in the SELinux upstream
repository, but not in the upstream kernel so they don't get in the fscache
class patch.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
security/selinux/include/av_perm_to_string.h |5 +
secur
. The cachefilesd
daemon will nominate the security ID to be used.
The second vector is used to grant a process the right to nominate a file
creation label for a kernel service to use.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
security/selinux/include/av_perm_to_string.h
cred.h b/include/linux/cred.h
new file mode 100644
index 000..497af5b
--- /dev/null
+++ b/include/linux/cred.h
@@ -0,0 +1,23 @@
+/* Credential management
+ *
+ * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells ([EMAIL PROTECTED])
+ *
+ * This program is free so
ropriately (see set_security_override[_from_ctx]()).
NOTE! This patch must be rolled in to one of the earlier security patches to
make it compile fully.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/nfsd/auth.c| 31 +---
fs/nfsd/nfs4
do the honours.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
mm/readahead.c | 39 +--
1 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/mm/readahead.c b/mm/readahead.c
index c9c50ca..75aa6b6 100644
--- a/mm/readahead.c
++
make the checks for both
PG_private and PG_private_2 at the same time.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/splice.c|2 +-
include/linux/page-flags.h | 39 +--
include/linux/pagemap.h| 11 +++
mm/fil
Provide an add_wait_queue_tail() function to add a waiter to the back of a
wait queue instead of the front.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
include/linux/wait.h |2 ++
kernel/wait.c| 18 ++
2 files changed, 20 insertions(+), 0 del
This one-line patch fixes the missing export of copy_page introduced
by the cachefile patches. This patch is not yet upstream, but is required
for cachefile on ia64. It will be pushed upstream when cachefile goes
upstream.
Signed-off-by: Prarit Bhargava <[EMAIL PROTECTED]>
Signed-off-by:
hen made use of by
the generic hook in the next patch, which is used by CacheFiles to write
pages to a file without setting up a file struct.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/ext3/inode.c |6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff -
.
Supply a generic implementation for this that uses the write_begin() and
write_end() address_space operations to bind a copy directly into the page
cache.
Hook the Ext2 and Ext3 operations to the generic implementation.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/ext2/inode.c
-off-by: David Howells <[EMAIL PROTECTED]>
---
include/linux/pagemap.h |5 +
mm/filemap.c| 18 ++
2 files changed, 23 insertions(+), 0 deletions(-)
diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
index f9e0f81..e9f37b3 100644
--- a/i
Export a number of functions for CacheFiles's use.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/super.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/fs/super.c b/fs/super.c
index ceaf2e3..cd199ae 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -2
Fix a memory leak whereby multiple clientaddr=xxx mount options just overwrite
the duplicated client_address option pointer, without freeing the old memory.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/nfs/super.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
NFS filesystem to use caching, add an "fsc" option to the mount:
mount warthog:/ /a -o fsc
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/nfs/Makefile |1
fs/nfs/client.c |5 +
fs/nfs/file.c | 37
fs/nfs/fscache-d
Changes to the kernel configuration defintions and to the NFS mount options to
allow the local caching support added by the previous patch to be enabled.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/Kconfig|8
fs/nfs/client.c |2 ++
fs/nfs/internal.h
specify a uniquifier.
(*) Adding "nofsc" will disable caching.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/nfs/fscache-def.c | 33
fs/nfs/fscache.c | 122 -
fs/nfs/fscache.h | 46 ++
Display the local caching state in /proc/fs/nfsfs/volumes.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/nfs/client.c |7 ---
fs/nfs/fscache.h | 15 +++
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
is given and
2) check whether that top-level keyring is the thing being searched for
Signed-off-by: Kevin Coffman <[EMAIL PROTECTED]>
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
security/keys/keyring.c | 35 +++
1 files changed, 31 insert
These patches add local caching for network filesystems such as NFS.
The patches can roughly be broken down into a number of sets:
(*) 01-keys-inc-payload.diff
(*) 02-keys-search-keyring.diff
(*) 03-keys-callout-blob.diff
Three patches to the keyring code made to help the CIFS peop
()
request_key_async()
request_key_async_with_auxdata()
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
Documentation/keys-request-key.txt | 11 +---
Documentation/keys.txt | 14 +++---
include/linux/key.h|9 ---
security/keys/inte
igned-off-by: David Howells <[EMAIL PROTECTED]>
---
security/keys/keyctl.c | 38 ++
1 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index d9ca15c..8ec8432 100644
--- a/security/keys/key
David Howells <[EMAIL PROTECTED]> wrote:
> (2) PG_fscache_write (PG_owner_priv_2)
>
> The marked page is being written to the local cache. The page may not be
> modified whilst this is in progress.
Oops. wait_on_page_owner_priv_2() should use PG_owner_
must have view permission on the key for this function to be
successful.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
Acked-by: Stephen Smalley <[EMAIL PROTECTED]>
---
Documentation/keys.txt | 21 +++
include/linux/keyctl.h |1 +
include/linux/security.h |
Change current->fs[ug]id to current_fs[ug]id() so that fsgid and fsuid can be
separated from the task_struct.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
arch/ia64/kernel/perfmon.c|4 ++--
arch/powerpc/platforms/cell/spufs/inode.c |4 ++--
drivers/
secid_to_secctx() LSM hook. This patch also includes the SELinux
implementation for this hook.
Signed-off-by: Paul Moore <[EMAIL PROTECTED]>
Acked-by: Stephen Smalley <[EMAIL PROTECTED]>
---
include/linux/security.h | 13 +
security/dummy.c |6 ++
security/security
Pre-add additional non-caching classes that are in the SELinux upstream
repository, but not in the upstream kernel so they don't get in the fscache
class patch.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
security/selinux/include/av_perm_to_string.h |5 +
secur
. The cachefilesd
daemon will nominate the security ID to be used.
The second vector is used to grant a process the right to nominate a file
creation label for a kernel service to use.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
security/selinux/include/av_perm_to_string.h
cred.h b/include/linux/cred.h
new file mode 100644
index 000..497af5b
--- /dev/null
+++ b/include/linux/cred.h
@@ -0,0 +1,23 @@
+/* Credential management
+ *
+ * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells ([EMAIL PROTECTED])
+ *
+ * This program is free so
ropriately (see set_security_override[_from_ctx]()).
NOTE! This patch must be rolled in to one of the earlier security patches to
make it compile fully.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/nfsd/auth.c| 31 +---
fs/nfsd/nfs4
do the honours.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
mm/readahead.c | 39 +--
1 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/mm/readahead.c b/mm/readahead.c
index c9c50ca..75aa6b6 100644
--- a/mm/readahead.c
++
This one-line patch fixes the missing export of copy_page introduced
by the cachefile patches. This patch is not yet upstream, but is required
for cachefile on ia64. It will be pushed upstream when cachefile goes
upstream.
Signed-off-by: Prarit Bhargava <[EMAIL PROTECTED]>
Signed-off-by:
hen made use of by
the generic hook in the next patch, which is used by CacheFiles to write
pages to a file without setting up a file struct.
Signed-off-by: David Howells <[EMAIL PROTECTED]>
---
fs/ext3/inode.c |6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff -
901 - 1000 of 7895 matches
Mail list logo
