Hi,
I like my PAGs unprotected. That is, without the setgroups wrapper. So I
wrote a patch (attached) that adds an option to libafs to turn off the
syscall table changes. I'd be happy to see it included in the official
distribution.
In case you wonder, my reasons for preferring unprotected PAGs include:
I don't need protected PAGs and my users won't notice the difference.
Since the syscall table thing is a bit controversial, avoiding it seems
like a good idea.
Getting out of a PAG can be useful sometimes, for example when starting
daemons.
If httpd is allowed to, it will break out of the PAG (if started from a
PAG:d shell). That means that the problem of getting into the same PAG
as httpd disappears, which makes it possible to use cron to update the
token for the httpd user.
/abo
--- src/afs/LINUX/osi_module.c 2005-07-11 21:29:56.000000000 +0200
+++ src/afs/LINUX/osi_module.c.syscallopt 2005-09-21 11:00:53.865859358 +0200
@@ -38,6 +38,11 @@
#include <linux/seq_file.h>
#endif
+/* If this is set, syscall is enabled */
+static int enable_syscall = 1;
+MODULE_PARM(enable_syscall, "i");
+MODULE_PARM_DESC(enable_syscall, "Enable syscall (on by default, set to 0 to disable)");
+
extern struct file_system_type afs_fs_type;
#if !defined(AFS_LINUX24_ENV)
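Review bot: The parameter name, the comment and the MODULE_PARM_DESC string all say only "syscall", which does not tell an administrator what they lose by setting it to 0. According to the cover message, the effect is that the syscall table changes are skipped and PAGs are no longer protected by the setgroups wrapper. I would put that in the description, for example "Patch the syscall table (setgroups wrapper for PAG protection); set to 0 to disable", and expand the comment above `static int enable_syscall = 1;` the same way. It would also help to confirm in the commit message whether osi_syscall_init() does anything besides installing that wrapper, since the option disables the whole call.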
@@ -360,9 +365,11 @@
osi_Init();
- err = osi_syscall_init();
- if (err)
- return err;
+ if (enable_syscall) {
+ err = osi_syscall_init();
+ if (err)
+ return err;
+ }
err = afs_init_inodecache();
if (err)
return err;
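Review bot: When enable_syscall is 0 the module skips osi_syscall_init() silently, so nothing in the kernel log shows that this host is running with unprotected PAGs. I would add an else branch that logs one line at load time saying the syscall table changes are disabled, so the weaker setting is visible to anyone auditing the machine rather than only to whoever wrote the module options.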
@@ -384,7 +391,8 @@
#endif
{
osi_sysctl_clean();
- osi_syscall_clean();
+ if (enable_syscall)
+ osi_syscall_clean();
unregister_filesystem(&afs_fs_type);
afs_destroy_inodecache();
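Review bot: The cleanup path re-reads enable_syscall to decide whether to call osi_syscall_clean(), which ties the teardown to the option value instead of to what the init path actually did. I would have the init code set a separate static flag only after osi_syscall_init() returns success and test that flag here, so that osi_syscall_clean() can never run against a syscall table that was not modified, or be skipped when it was.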