|| ||Andreas Gruenbacher <email@example.com>|
|| ||firstname.lastname@example.org, Andrew Morton <email@example.com>|
|| ||[patch 0/2] Tmpfs acls|
|| ||Sat, 02 Sep 2006 00:14:21 +0200|
|| ||James Morris <firstname.lastname@example.org>,
Kay Sievers <email@example.com>|
This is a refresh of the patches we have to support POSIX ACLs on tmpfs,
with the request for inclusion.
The patches solve the following problem: We want to grant access to
devices based on who is logged in from where, etc. This includes
switching back and forth between multiple user sessions, etc.
Using ACLs to define device access for logged-in users gives us all the
flexibility we need in order to fully solve the problem.
Device special files nowadays usually live on tmpfs, hence tmpfs ACLs.
Different distros have come up with solutions that solve the problem to
different degrees: SUSE uses a resource manager which tracks login
sessions and sets ACLs on device inodes as appropriate. RedHat uses
pam_console, which changes the primary file ownership to the logged-in
user. Others use a set of groups that users must be in in order to be
granted the appropriate accesses.
The freedesktop.org project plans to implement a combination of a
console-tracker and a HAL-device-list based solution to grant access to
devices to users, and more distros will likely follow this approach.
These patches have first been posted here on 2 February 2005, and again
on 8 January 2006. We have been shipping them in SLES9 and SLES10 with
no problems reported. The previous submission is archived here:
Could the patches please get included this time?
Andrew, is putting them in -mm for a while fine with you?
Andreas Gruenbacher <firstname.lastname@example.org>
Novell / SUSE Labs
VGER BF report: U 0.5