Re: [PATCH v3] kernel: Conditionally support non-root users, groups and capabilities

Sun, 08 Feb 2015 01:06:07 -0800 

Hi Iulia,

On Fri, Feb 6, 2015 at 2:10 PM, Iulia Manda <iulia.mand...@gmail.com> wrote:
> On 6 February 2015 at 02:03, Iulia Manda <iulia.mand...@gmail.com> wrote:
>> There are a lot of embedded systems that run most or all of their 
>> functionality
>> in init, running as root:root. For these systems, supporting multiple users 
>> is
>> not necessary.
>>
>> This patch adds a new symbol, CONFIG_MULTIUSER, that makes support for 
>> non-root
>> users, non-root groups, and capabilities optional. It is enabled under
>> CONFIG_EXPERT menu.
>>
>> When this symbol is not defined, UID and GID are zero in any possible case
>> and processes always have all capabilities.
>>
>> The following syscalls are compiled out: setuid, setregid, setgid,
>> setreuid, setresuid, getresuid, setresgid, getresgid, setgroups, getgroups,
>> setfsuid, setfsgid, capget, capset.
>>
>> Also, groups.c is compiled out completely.
>>
>> This change saves about 25 KB on a defconfig build.
>>
>> The kernel was booted in Qemu. All the common functionalities work. Adding
>> users/groups is not possible, failing with -ENOSYS.
>>
>> Bloat-o-meter output:
>> add/remove: 7/87 grow/shrink: 19/397 up/down: 1675/-26325 (-24650)
>>
>
> Forgot to add:
>
> Signed-off-by: Iulia Manda <iulia.mand...@gmail.com>
> Reviewed-by: Josh Triplett <j...@joshtriplett.org>
>
>> ---
>> Changes since v2:
>>         - rename symbol;
>>         - make SECURITY dependent on MULTIUSER
>>
>
> + make symbols depend on MULTIUSER instead of selecting it.

Thanks for the update!

Acked-by: Geert Uytterhoeven <ge...@linux-m68k.org>

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to