linux/fs
Andreas Gruenbacher f0c8bd164e [PATCH] Generic infrastructure for acls
The patches solve the following problem: We want to grant access to devices
based on who is logged in from where, etc.  This includes switching back and
forth between multiple user sessions, etc.

Using ACLs to define device access for logged-in users gives us all the
flexibility we need in order to fully solve the problem.

Device special files nowadays usually live on tmpfs, hence tmpfs ACLs.

Different distros have come up with solutions that solve the problem to
different degrees: SUSE uses a resource manager which tracks login sessions
and sets ACLs on device inodes as appropriate.  RedHat uses pam_console, which
changes the primary file ownership to the logged-in user.  Others use a set of
groups that users must be in in order to be granted the appropriate accesses.

The freedesktop.org project plans to implement a combination of a
console-tracker and a HAL-device-list based solution to grant access to
devices to users, and more distros will likely follow this approach.

These patches have first been posted here on 2 February 2005, and again
on 8 January 2006. We have been shipping them in SLES9 and SLES10 with
no problems reported.  The previous submission is archived here:

   http://lkml.org/lkml/2006/1/8/229
   http://lkml.org/lkml/2006/1/8/230
   http://lkml.org/lkml/2006/1/8/231

This patch:

Add some infrastructure for access control lists on in-memory
filesystems such as tmpfs.

Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-09-29 09:18:24 -07:00
9p [PATCH] 9p: fix leak on error path 2006-09-29 09:18:20 -07:00
adfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
affs [PATCH] Really ignore kmem_cache_destroy return value 2006-09-27 08:26:10 -07:00
afs [PATCH] afs: add lock annotations to afs_proc_cell_servers_{start,stop} 2006-09-29 09:18:07 -07:00
autofs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
autofs4 [PATCH] autofs4: pending flag not cleared on mount fail 2006-09-29 09:18:18 -07:00
befs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
bfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
cifs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
coda [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
configfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
cramfs [PATCH] cramfs: make cramfs_uncompress_exit() return void 2006-09-29 09:18:20 -07:00
debugfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
devpts [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
efs [PATCH] Really ignore kmem_cache_destroy return value 2006-09-27 08:26:10 -07:00
exportfs [PATCH] NFS server subtree_check returns dubious value 2006-05-21 12:59:16 -07:00
ext2 [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
ext3 [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
fat [PATCH] add -o flush for fat 2006-09-29 09:18:12 -07:00
freevxfs [PATCH] freevxfs: fix leak on error path 2006-09-29 09:18:20 -07:00
fuse [PATCH] vfs: define new lookup flag for chdir 2006-09-29 09:18:08 -07:00
hfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
hfsplus [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
hostfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
hpfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
hppfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
hugetlbfs [PATCH] hugetlbfs: add lock annotation to hugetlbfs_forget_inode() 2006-09-29 09:18:08 -07:00
isofs [PATCH] I/O Error attempting to read last partial block of a file in an ISO9660 file system 2006-09-29 09:18:15 -07:00
jbd [PATCH] JBD: memory leak in "journal_init_dev()" 2006-09-29 09:18:03 -07:00
jffs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
jffs2 [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
jfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
lockd [PATCH] add newline to nfs dprintk 2006-09-27 08:26:19 -07:00
minix [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
msdos [PATCH] add -o flush for fat 2006-09-29 09:18:12 -07:00
ncpfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
nfs [PATCH] fs/nfs/: make code static 2006-09-27 08:26:20 -07:00
nfs_common
nfsd [PATCH] Really ignore kmem_cache_destroy return value 2006-09-27 08:26:10 -07:00
nls Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ntfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
ocfs2 [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
openpromfs Move several *_SUPER_MAGIC symbols to include/linux/magic.h. 2006-09-24 11:13:19 -04:00
partitions [PATCH] ignore partition table on disks with AIX label 2006-09-29 09:18:09 -07:00
proc [PATCH] fix mem_write() return value 2006-09-29 09:18:19 -07:00
qnx4 [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
ramfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
reiserfs [PATCH] reiserfs: ifdef ACL stuff from inode 2006-09-29 09:18:11 -07:00
romfs [PATCH] Really ignore kmem_cache_destroy return value 2006-09-27 08:26:10 -07:00
smbfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
sysfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
sysv [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
udf [PATCH] mount udf UDF_PART_FLAG_READ_ONLY partitions with MS_RDONLY 2006-09-29 09:18:09 -07:00
ufs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
vfat [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
xfs [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
aio.c spelling fixes 2006-06-26 18:35:02 +02:00
attr.c [PATCH] capable/capability.h (fs/) 2006-01-11 18:42:13 -08:00
bad_inode.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
binfmt_aout.c [PATCH] Require mmap handler for a.out executables 2006-09-29 09:18:08 -07:00
binfmt_elf_fdpic.c [PATCH] elf_fdpic_core_dump: don't take tasklist_lock 2006-09-29 09:18:14 -07:00
binfmt_elf.c [PATCH] elf_core_dump: don't take tasklist_lock 2006-09-29 09:18:14 -07:00
binfmt_em86.c
binfmt_flat.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
binfmt_misc.c [PATCH] Fix unserialized task->files changing 2006-09-29 09:18:12 -07:00
binfmt_script.c
binfmt_som.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
bio.c [PATCH] Fix missing ret assignment in __bio_map_user() error path 2006-06-17 10:52:12 -07:00
block_dev.c [PATCH] block_dev.c mutex_lock_nested() fix 2006-09-29 09:18:19 -07:00
buffer.c [PATCH] mm: tracking shared dirty pages 2006-09-26 08:48:44 -07:00
char_dev.c [PATCH] cdev documentation 2006-09-29 09:18:16 -07:00
compat_ioctl.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
compat.c [PATCH] Check return value of copy_to_user in compat_sys_pselect7 2006-09-26 10:52:39 +02:00
dcache.c NFS: Add dentry materialisation op 2006-09-22 23:24:30 -04:00
dcookies.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
direct-io.c [PATCH] lockdep: annotate direct io 2006-07-03 15:27:06 -07:00
dnotify.c [PATCH] Use __read_mostly on some hot fs variables 2006-03-26 08:56:56 -08:00
dquot.c [PATCH] dquot: add proper locking when using current->signal->tty 2006-09-29 09:18:14 -07:00
drop_caches.c
eventpoll.c [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
exec.c [PATCH] Fix unserialized task->files changing 2006-09-29 09:18:12 -07:00
fcntl.c BUG_ON() Conversion in fs/fcntl.c 2006-04-02 13:37:19 +02:00
fifo.c [PATCH] pipe.c/fifo.c code cleanups 2006-04-11 13:53:33 +02:00
file_table.c [PATCH] inode-diet: Move i_cdev into a union 2006-09-27 08:26:17 -07:00
file.c [PATCH] alloc_fdtable() cleanup 2006-09-27 08:26:19 -07:00
filesystems.c [PATCH] Ban register_filesystem(NULL); 2006-09-29 09:18:20 -07:00
fs-writeback.c [PATCH] zoned vm counters: conversion of nr_unstable to per zone counter 2006-06-30 11:25:36 -07:00
generic_acl.c [PATCH] Generic infrastructure for acls 2006-09-29 09:18:24 -07:00
inode.c [PATCH] fs.h: ifdef security fields 2006-09-29 09:18:11 -07:00
inotify_user.c [PATCH] inotify: fix deadlock found by lockdep 2006-07-31 13:28:41 -07:00
inotify.c [PATCH] inotify (4/5): allow watch removal from event handler 2006-06-20 05:25:19 -04:00
ioctl.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ioprio.c [PATCH] uninline ioprio_best() 2006-08-21 10:02:50 +02:00
Kconfig [PATCH] Generic infrastructure for acls 2006-09-29 09:18:24 -07:00
Kconfig.binfmt
libfs.c [PATCH] libfs: remove page up-to-date check from simple_readpage 2006-09-29 09:18:06 -07:00
locks.c [PATCH] fcntl(F_SETSIG) fix 2006-08-14 13:10:59 -07:00
Makefile [PATCH] Generic infrastructure for acls 2006-09-29 09:18:24 -07:00
mbcache.c [PATCH] mbcache: add lock annotation for __mb_cache_entry_release_unlock() 2006-09-29 09:18:07 -07:00
mpage.c [PATCH] writeback: fix range handling 2006-06-23 07:42:49 -07:00
namei.c [PATCH] fs/namei.c: replace multiple current->fs by shortcut variable 2006-09-29 09:18:22 -07:00
namespace.c [PATCH] fs/namespace: handle init/registration errors 2006-09-29 09:18:05 -07:00
nfsctl.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
open.c [PATCH] fix wrong error code on interrupted close syscalls 2006-09-29 09:18:13 -07:00
pipe.c [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
pnode.c [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
pnode.h
posix_acl.c
quota_v1.c
quota_v2.c [PATCH] sem2mutex: quota 2006-03-23 07:38:11 -08:00
quota.c [PATCH] sem2mutex: quota 2006-03-23 07:38:11 -08:00
read_write.c [PATCH] fs/read_write.c: EXPORT_UNUSED_SYMBOL 2006-07-10 13:24:18 -07:00
readdir.c
select.c [PATCH] enforce RLIMIT_NOFILE in poll() 2006-09-29 09:18:23 -07:00
seq_file.c [PATCH] sem2mutex: fs/seq_file.c 2006-03-23 07:38:12 -08:00
splice.c [PATCH] splice: fix problems with sys_tee() 2006-07-10 11:00:01 +02:00
stat.c [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
super.c [PATCH] fs: add lock annotation to grab_super 2006-09-29 09:18:08 -07:00
sync.c [PATCH] writeback: fix range handling 2006-06-23 07:42:49 -07:00
xattr_acl.c
xattr.c [PATCH] log more info for directory entry change events 2006-06-20 05:25:28 -04:00