On Fri, 1 Sep 2000, Linus Torvalds wrote:
> Oh, I basically agree, _except_ that Al Viro has these ideas pending for
> 2.5.x that basically create a "process capability cache" that is a cache
> of all the process ID's and capabilities (ie uid, gid, groups etc). Which
> would be this copy-on-write thing.
> And that may end up mixing well with a "CLONE_CAPABILITIES" flag.

I don't think so. Look: suppose we've got two processes sharing the
credentials pointer. Fine. We also have something else (e.g. opened file
or pending NFS request, etc.) sharing these creds. Now we do the setgid().
How would it know that we want to have creds of the second process
changed, but creds of everything else left unchanged? "Partial copy-on-write"
is an odd thing...

BTW, the idea is hardly mine - it goes back at least to the early 90s (as
do the problems that make it useful).
This archive was generated by hypermail 2b29 : Thu Sep 07 2000 - 21:00:12 EST
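
The sharing problem raised in the reply above, modelled as an added example that is not part of the original message and is not kernel code. All struct and function names are hypothetical: two tasks and an open file hold the same refcounted creds, and neither update strategy gives "both tasks changed, file unchanged".

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model, not kernel code: refcounted creds shared by pointer. */
struct cred { int refs; int uid, gid; };
struct task { struct cred *cred; };
struct file { struct cred *f_cred; };   /* creds captured at open() time */

static struct cred *cred_get(struct cred *c) { c->refs++; return c; }

/* Strategy 1: write through the shared pointer; every holder sees it. */
static void setgid_in_place(struct task *t, int gid) { t->cred->gid = gid; }

/* Strategy 2: copy-on-write; only the caller's pointer is redirected. */
static int setgid_cow(struct task *t, int gid)
{
    if (t->cred->refs > 1) {
        struct cred *n = malloc(sizeof(*n));
        if (!n) return -1;
        *n = *t->cred;
        n->refs = 1;
        t->cred->refs--;
        t->cred = n;
    }
    t->cred->gid = gid;
    return 0;
}

/* Tasks a and b share one cred and an open file holds a third reference.
 * Task a calls setgid(100). Returns a bitmask of who observes the new gid:
 * bit 0 = task a, bit 1 = task b, bit 2 = the file. Wanted: 3 (a and b only). */
static int who_sees_new_gid(int use_cow)
{
    struct cred *c = malloc(sizeof(*c));
    if (!c) return -1;
    *c = (struct cred){ .refs = 1, .uid = 1000, .gid = 1000 };
    struct task a = { c }, b = { cred_get(c) };
    struct file f = { cred_get(c) };
    int rc = use_cow ? setgid_cow(&a, 100) : (setgid_in_place(&a, 100), 0);
    if (rc) { free(c); return -1; }
    int mask = (a.cred->gid == 100) | ((b.cred->gid == 100) << 1)
             | ((f.f_cred->gid == 100) << 2);
    if (a.cred != c) free(a.cred);
    free(c);
    return mask;
}

int main(void) { printf("in place: %d, cow: %d\n", who_sees_new_gid(0), who_sees_new_gid(1)); return 0; }
```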