The current kernel has a compile-time limit for the maximum number
of groups that a user can be a member of. According to the glibc-
manual NGROUPS_MAX is "The value of this macro is actually a lower
bound for the maximum".
The proposal is to add a sysctl parameter kernel/ngroups_max that
is used as the maximum number of groups that a user can be member
of at once. The ngroup variable and group array are removed from
the task_struct and a pointer to a new groups_struct is added.
The group struct looks like:
struct groups_struct {
atomic_t count;
int ngroups;
gid_t groups[0];
};
It contains a reference-counter the number of secondary groups
that is stored in the struct and a array of gid_t:s. This struct
is dynamicly allocated from sys_setgroup which then gets an extra
error code ENOMEM.
The reference count is needed as the struct is "reused" for child
processes. This will often mean one groups_struct per user and
login.
What do you think, is this a feature that is desirable for for the
kernel?
Please CC all comments directly to me as I am not subscribed to
this list.
/Mattias
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/