On Fri, 7 Aug 2009 15:29:38 +0200 (CEST) Alberto Mancini <[email protected]> wrote:
> On Fri, 7 Aug 2009, Simon Wilkinson wrote:
>
> > The current implementation only looks at the keyring if it can't
> > determine the PAG from the process's groups. If it has to use the
> > keyring, then it attempts to set the process's group list, so that
> > the group is used for all future lookups.
>
> Is this for performance reasons (or for something I do not see) or
> is just an implementation side-effect?

I'm not authoritative, but I just thought of one possible reason for
this. If you only have keyrings and no gids representing the PAGs, it
/looks/ like (I'm not sure) that the hourly GCPAGs will destroy them.
Since that detects used PAGs by traversing the process list, identifying
the PAG in a process, and flagging that PAG as used.

However, when PagInCred falls back to checking the keyring, it checks
the calling process's keyring (via request_key), not the process passed
in (via, say, search_process_keyrings). Admittedly, it has a good reason
to, since we don't pass in a process, we pass in an AFS_UCRED.

So, if you have no gid PAGs in various processes, it won't detect the
keyring ones, and it will destroy them. (Well, actually, I think it
might have a failsafe that it doesn't destroy any if it didn't detect
any PAGs, but I'm not sure.)

Someone can correct me if I'm wrong there, but I just noticed that that
doesn't look quite right. I can continue to look at it.

-- 
Andrew Deason
[email protected]
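
A toy model of the mark-and-sweep behaviour hypothesized in the message above, added here as an illustration; it is not OpenAFS code and is not part of the original post. The struct, the function names and the sample processes are all constructed, and the `failsafe` flag models the unconfirmed safeguard the message mentions.

```c
#include <stdio.h>
#include <stddef.h>
#define NO_PAG 0u
/* Toy process: a PAG id (1..31) may be recorded as a gid, in the keyring, or both. */
struct proc { unsigned gid_pag, keyring_pag; };
typedef unsigned (*lookup_fn)(const struct proc *target, const struct proc *caller);

/* Lookup as the message describes it: groups first, then the CALLING process's keyring. */
static unsigned lookup_caller_keyring(const struct proc *target, const struct proc *caller)
{
    return target->gid_pag != NO_PAG ? target->gid_pag : caller->keyring_pag;
}

/* Alternative for comparison: fall back to the inspected process's own keyring. */
static unsigned lookup_target_keyring(const struct proc *target, const struct proc *caller)
{
    (void)caller;
    return target->gid_pag != NO_PAG ? target->gid_pag : target->keyring_pag;
}

/* Mark phase: walk the process list, return a bitmask of PAG ids seen in use. */
static unsigned gc_mark(const struct proc *procs, size_t n,
                        const struct proc *caller, lookup_fn lookup)
{
    unsigned marked = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned pag = lookup(&procs[i], caller);
        if (pag != NO_PAG) marked |= 1u << pag;
    }
    return marked;
}

/* Sweep: mask of PAGs destroyed; the failsafe skips the sweep if nothing was marked. */
static unsigned gc_sweep(unsigned known, unsigned marked, int failsafe)
{
    return (failsafe && marked == 0) ? 0 : (known & ~marked);
}

/* Constructed sample: PAG 1 has a gid, PAGs 2 and 3 exist only in keyrings. */
static const struct proc sample[] = { {1, 1}, {NO_PAG, 2}, {NO_PAG, 3} };
static const struct proc gc_daemon = { NO_PAG, NO_PAG };  /* GC caller holds no PAG */
#define KNOWN_PAGS ((1u << 1) | (1u << 2) | (1u << 3))
int main(void)
{
    unsigned a = gc_sweep(KNOWN_PAGS, gc_mark(sample, 3, &gc_daemon, lookup_caller_keyring), 1);
    unsigned b = gc_sweep(KNOWN_PAGS, gc_mark(sample, 3, &gc_daemon, lookup_target_keyring), 1);
    printf("destroyed mask: caller-keyring lookup 0x%x, target-keyring lookup 0x%x\n", a, b);
    return 0;
}
```

In this model the failsafe only helps when no process carries a gid PAG; one gid PAG anywhere is enough for the sweep to run and drop every keyring-only PAG.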
