Simon Wilkinson schrieb:
It's a bit more complex than this. What happens is that with every setpag we allocate two key objects. The first is a session keyring, which we allocate as the user performing the setpag, and is counted against their quota. The second is an object to contain the PAG, which is allocated as root so that a user can't change the PAG that they are in. Due to us failing to keep up with kernel interface changes this is counted against roots quota, but will still be created even if root is over quota.
Luckily, the PAG object isn't actually created if creation of the new session keyring fails. This is correct, as otherwise you could end up changing a PAG that you share with somebody else, giving credentials to somebody who doesn't deserve them.
-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rainer Toebbicke European Laboratory for Particle Physics(CERN) - Geneva, Switzerland Phone: +41 22 767 8985 Fax: +41 22 767 7155 _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
