Some developers have been unhappy about the merging of devtmpfs for 2.6.32;
one even posted a patch to remove it again. Ingo Molnar, instead, simply
reported a bug
: when devtmpfs created
, it made them inaccessible to
unprivileged accounts. That breaks most applications in the system, which,
Ingo thought, was not entirely desirable.
The devtmpfs developers originally responded that udev should have set the
permissions properly by the time any sort of user-space application was
running. But devtmpfs raises the possibility of running without udev
altogether, at least on relatively simple systems. Linus agreed that this would be a nice possibility,
but noted that it would not work if a small number of special files were
not world-accessible. Setting the permissions properly is not that hard,
but it leads in a direction the devtmpfs developers had not wanted to go:
it puts a certain amount of administrative policy into the kernel.
In the end, though, that is exactly what happened; devtmpfs gained the
query to get default permissions from kernel subsystems and implement them
in the filesystem. Given that these permissions were Linus's largest
complaint about the whole thing, it now seems likely that devtmpfs has a secure
place in the 2.6.32 kernel.
to post comments)