I have now coded a patch for dynamic secondary-groups limit under
Linux. This code should be considered alpha quality, but I still
would like some brave people to read and test it. I have been
testing for some time, and at the moment I do not have any known
bugs(1).
The patch does the following:
It removes the "ngroups" and "groups" fields from the task_struct
and adds a new field "sec_groups". This new field is a pointer to
a groups_struct as:
struct groups_struct {
atomic_t count;
int ngroups;
int max_ngroups;
gid_t groups[0];
};
This new struct is allocated by sys_setgroups and gets freed from
sys_setgroups or exit.c:release. do_fork only increases the reference
count and reuses the groups_struct.
sys_setgroups will check to see that the groups is sorted so that it
was possible to let all "in group" calls search with a binary-search.
If the groups list isn't sorted it will be sorted by a shell-sort.
Sorting is used because there is no call to "update" the groups-
list just to "rewrite".
Some applications may call setgroups quite often, so by reusing the
old groups_struct if it's large enough and no one else is referring
to it this should not impact to hard on these applications. But they
better see to it that save the returned info from getgroups if they
are switching between two secondary-groups sets, so that sys_setgroups
doesn't have to sort it more than once.
You can go and fetch the patch at:
http://www.sdf.se/~eldmgr/dynamic_groups.patch.2.3.12
The patch is against linux-2.3.12, but if someone would like it for
the 2.2-kernel I don't think that it should be any problem for me to
port it.
Note 1:
I have two things that I need some one more into the kernel to explain:
1) I use atomic for count, but it will fail if the process calling
fork is able to die before the fork is finished.
2) This is a problem I have seen from time to time, but I have only seen
it with my patched 2.3.9, that the system hangs when I try to reboot
it. The hang is after the "INIT: sending processes the TERM
signal..."
message but before the rc-scripts starts to stop all daemons.
/Mattias
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/