libcaps thread testing code committed
Joerg Sonnenberger
joerg at britannica.bec.de
Mon Dec 8 11:07:52 PST 2003
On Mon, Dec 08, 2003 at 10:21:33AM -0800, Matthew Dillon wrote:
> I'm going to take a short break and finish up the IPC code. I've been
> pondering the new IPC API over the weekend (the one that I proposed
> earlier and mocked up in libcaps) and it still looks good. With
> direct kernel support we will be able to move things like
> getpwuid() and so forth into IPC services leaving only emergency
> flat-file support in libc for when IPC is not running (during boot and
> during shutdown), and also to allow sysop access when it breaks.
After a bit more thinking about NSS and IPC, do we even need that?
I mean for mounting the critical filesystems it is not needed. If we
have a complex backend like LDAP which needs network access, having
a stackable facility in the NS server is enough or alternativly start
a bootstrap version and later update to the "full" NS configuration.
That way libc only needs very basic fall-back functions generating
e.g. some kind of template entry with sprintf(pw_name,"%d",uid) for
getpwuid and the like. The sysop hopefully knows the uid of root if
he spots it with ps ;) Authentication in such a situation is somewhat
different, since login or its backend can get the necessary fall back
support directly, they need to anyway since providing pw_password
via NSS is not really useful, is it? The situation is similiar to
a hosed up /etc, once you got a shell you do not need the uid/gid lookup.
>
> A bunch of things are coming together all at once, it's kind hard to
> pick and choose what piece of pounce on next!
It is definitly an interesting month.
Joerg
>
> -Matt
> Matthew Dillon
> <dillon at xxxxxxxxxxxxx>
>
More information about the Kernel
mailing list