Re: [PATCH] 2.6.38: access permission filesystem 0.24

From: Randy Dunlap
Date: Sun Apr 10 2011 - 22:03:22 EST


On 4/10/2011 2:50 PM, Olaf Dietsche wrote:
This *untested* patch adds a new permission managing file system.
Furthermore, it adds two modules, which make use of this file system.

One module allows granting capabilities based on user-/groupid. The
second module allows granting access to lower-numbered ports based on
user-/groupid, too.

Changes:
- updated to 2.6.38

This patch is available at:
<http://www.olafdietsche.de/linux/accessfs/>

and attached inline below.

Regards, Olaf

Documentation/filesystems/accessfs.txt | 41 +++
fs/Kconfig | 1 +
fs/Makefile | 1 +
fs/accessfs/Kconfig | 63 +++++
fs/accessfs/Makefile | 11 +
fs/accessfs/capabilities.c | 108 ++++++++
fs/accessfs/inode.c | 432 ++++++++++++++++++++++++++++++++
fs/accessfs/ip.c | 101 ++++++++
include/linux/accessfs_fs.h | 42 +++
include/net/sock.h | 43 ++++
net/Kconfig | 12 +
net/Makefile | 1 +
net/hooks.c | 55 ++++
net/ipv4/af_inet.c | 2 +-
net/ipv6/af_inet6.c | 2 +-
15 files changed, 913 insertions(+), 2 deletions(-)


+config ACCESSFS_USER_PORTS
+ tristate "User permission based IP ports"
+ depends on ACCESS_FS
+ select NET_HOOKS
+ default n
+ help
+ If you say Y here, you will be able to control access to IP ports
+ based on user-/groupid. For this to work, you must say Y
+ to CONFIG_NET_HOOKS.
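
Review bot: "default n" in the ACCESSFS_USER_PORTS entry is redundant, because a Kconfig symbol with no default line already defaults to n, so the line can be dropped. In the same entry the help text tells the user to say Y to CONFIG_NET_HOOKS while the entry itself has "select NET_HOOKS"; keep one or the other, either by deleting that sentence from the help text or by replacing the select with "depends on NET_HOOKS". Since the symbol is a tristate, the help text should also say what happens when M is chosen.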

That last sentence is handled (in theory) by "select NET_HOOKS", right?

But NET_HOOKS depends on INET && EXPERIMENTAL, so this config should not
select NET_HOOKS unless INET && EXPERIMENTAL are enabled also.
