These patches add local caching for network filesystems such as NFS.
The patches can roughly be broken down into a number of sets:
(*) 01-keys-inc-payload.diff
(*) 02-keys-search-keyring.diff
(*) 03-keys-callout-blob.diff
Three patches to the keyring code made to help the CIFS
Increase the size of a payload that can be used to instantiate a key in
add_key() and keyctl_instantiate_key(). This permits huge CIFS SPNEGO blobs to
be passed around. The limit is raised to 1MB. If kmalloc() can't allocate a
buffer of sufficient size, vmalloc() will be tried instead.
Add a keyctl() function to get the security label of a key.
The following is added to Documentation/keys.txt:
(*) Get the LSM security context attached to a key.
long keyctl(KEYCTL_GET_SECURITY, key_serial_t key, char *buffer,
size_t buflen)
This function
Change current-fs[ug]id to current_fs[ug]id() so that fsgid and fsuid can be
separated from the task_struct.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
arch/ia64/kernel/perfmon.c|4 ++--
arch/powerpc/platforms/cell/spufs/inode.c |4 ++--
secid_to_secctx() LSM hook. This patch also includes the SELinux
implementation for this hook.
Signed-off-by: Paul Moore [EMAIL PROTECTED]
Acked-by: Stephen Smalley [EMAIL PROTECTED]
---
include/linux/security.h | 13 +
security/dummy.c |6 ++
security/security.c
Add a 'kernel_service' object class to SELinux and give this object class two
access vectors: 'use_as_override' and 'create_files_as'.
The first vector is used to grant a process the right to nominate an alternate
process security ID for the kernel to use as an override for the SELinux
subjective
The attached patch causes read_cache_pages() to release page-private data on a
page for which add_to_page_cache() fails or the filler function fails. This
permits pages with caching references associated with them to be cleaned up.
The invalidatepage() address space op is called (indirectly) to
Provide an add_wait_queue_tail() function to add a waiter to the back of a
wait queue instead of the front.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
include/linux/pagemap.h |7 +--
include/linux/wait.h|2 ++
kernel/wait.c | 18 ++
Add a function to install a monitor on the page lock waitqueue for a particular
page, thus allowing the page being unlocked to be detected.
This is used by CacheFiles to detect read completion on a page in the backing
filesystem so that it can then copy the data to the waiting netfs page.
Fix a memory leak whereby multiple clientaddr=xxx mount options just overwrite
the duplicated client_address option pointer, without freeing the old memory.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/nfs/super.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git
Separate caching by superblock, explicitly if necessary. This means mounts of
the same remote data with different parameters do not share cache objects for
common files. The administrator may also provide a uniquifier to further
enhance the uniqueness.
Where it is otherwise impossible to
Stephen Smalley [EMAIL PROTECTED] wrote:
Make sure that you or Dan submits a policy patch to register these
classes and permissions in the policy when the kernel patch is queued
for merge.
Do I just send the attached patch to [EMAIL PROTECTED]? Or do I need to
make a diff from a point in the
On Wed, 23 Jan 2008, David Howells wrote:
Stephen Smalley [EMAIL PROTECTED] wrote:
Make sure that you or Dan submits a policy patch to register these
classes and permissions in the policy when the kernel patch is queued
for merge.
Do I just send the attached patch to [EMAIL
13 matches
Mail list logo