you don't want to commit this yet. We'll do testing today and let you know how it goes.
We do want to commit it at some point. The default hostowner is going to be nanwan. ron On Thu, Jan 5, 2017 at 10:31 AM Barret Rhoden <[email protected]> wrote: > On 2017-01-05 at 09:35 "Ron Minnich (Gerrit)" > <[email protected]> wrote: > > Ron Minnich has posted comments on this change. ( > > https://akaros-review.googlesource.com/3342 ) > > > > Change subject: capdev: fix iseve check, set initial hostowner to nanwan > > ...................................................................... > > > > > > Patch Set 2: Code-Review+2 > > > > note: this may break things. That's life. We have to do this. > > any idea if this breaks things or not? like ssh, vms, snoopy, etc? > > i would like to hold off on merging this patch until we sort out the > things that it will break. i.e. a patch set consisting of this patch > and whatever is needed to fix what it breaks. right now, is anyone > ever eve? > > iseve() is only used in a few places: > > iseve 76 kern/drivers/dev/capability.c if (iseve() && > c->qid.path == Qhash) > iseve 103 kern/drivers/dev/capability.c if > (!iseve()) > iseve 210 kern/drivers/dev/capability.c if > (!iseve()) > iseve 1111 kern/drivers/dev/cons.c if > (!iseve()) > iseve 1116 kern/drivers/dev/cons.c if > (!iseve()) > iseve 1145 kern/drivers/dev/cons.c if > (!iseve()) > iseve 1201 kern/drivers/dev/cons.c if > (!iseve()) > iseve 418 kern/drivers/dev/proc.c if (iseve()) > iseve 989 kern/include/ns.h int iseve(void); > iseve 427 kern/src/net/devip.c if (omode > & (O_WRITE | O_TRUNC) && !iseve()) > iseve 459 kern/src/net/devip.c if > (strcmp(ATTACHER(c), cv->owner) != 0 && !iseve()) > iseve 615 kern/src/net/devip.c if (!iseve() && > strcmp(ATTACHER(c), cv->owner) != 0) > iseve 998 kern/src/net/devip.c if (!iseve()) > > > the stuff in #ip is related to port permissions, writing to ndb, > snoopy, and ipwstat. for which of those is 'eve' actually important, > and what does the eve check buy us? > > the iseve test in proc is commented out. > > in cons, we have checks related to writing Qtime, Qbintime, reboot, and > commented-out checks in sysctl and qswap. Same as with #ip, what's the > deal with permissions there? > > so far, it looks like eve is used as a limited form of 'root' - you're > allowed to do a set of things beyond a regular user (special ports, > reboot, change the time). how does that fit in with our model? > > at the very least, we'd probably want to set the initial process's > username to "nanwan" or whatever will pass the iseve() check, and then > other processes can downgrade their capabilities with the #cap device. > > barret > > -- > You received this message because you are subscribed to the Google Groups > "Akaros" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Akaros" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
