[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


From: Roland McGrath
Subject: /servers/default-pager
Date: Fri, 14 Jun 2002 05:57:35 -0400 (EDT)

I have just whipped up some changes in my tree that add a proxy-defpager
translator as I referred to earlier.  This is a trivfs that groks the
default_pager.defs calls and passes them on to the real default pager
(gotten from the privileged kernel interface).  I have changes to vmstat
and swapon so that they look up /servers/default-pager for the default
pagert port if they can't get the host priv port (which they try first, so
root won't trigger translators while trying to diddle).  This lets vmstat
no longer be setuid.  It also lets the permission bits on the node control
who can do swapon/off, instead of only root.  I made read permission let
you get info (vmstat), write permission diddle storage (swapon), and
execute permission do object_create (tmpfs et al).  So the default mode
should be 755, but e.g. could use a group and 775 to allow non-root in that
group to swapon, and e.g. could use nobody bits to disallow nobody from
doing default_pager_object_create.

Does this seem like a good plan?  Having vmstat not be setuid is nice, but
the real immediate motivator for this is having tmpfs/console work for

reply via email to

[Prev in Thread] Current Thread [Next in Thread]