Emmanuel Dreyfus <manu@...> writes:
> On Tue, Dec 13, 2011 at 09:42:20AM +0100, Miklos Szeredi wrote:
>> Yes, I already wrote about that a few emails earlier, but you seem to
>> have missed it. So here it is again.
> Sorry, I indeed missed it.
> That proposal introduce a lot of complexity in the kernel, with the risk
> of creating bugs. If I understand correctly, each time the a process
> sends sends its first filesystem request, the kernel should send a
> FUSE_CRED_NEW, then wait for it to complete before sending any
> operation. That introduce latency, I am not sure it is an improvement
> over reading /proc
It's more efficient since almost always it will be the same few
credentials that are used. So the FUSE_CRED_NEW will only be needed
> The kernel also have to send FUSE_CRED_DESTROY for a proces that
> has sent a FUSE_CRED_NEW, and it also has to send FUSE_CRED_DESTROY then
> FUSE_CRED_NEW when setgroups(2) has been called. That introduces a lot
> of kernel state.
Hooking into setgroups(2) is crazy.
The kernel can just do something like this in fuse_get_req():
cred_id = fuse_find_cred(current);
cred_id = fuse_cred_new(current);
Where fuse_find_cred() searches the cache for the current process'
credentials. And if there's a miss fuse_cred_new() sends out the
FUSE_CRED_NEW message and adds the created entry to the cache.
But yes, it's complex.
> I have another propsal to do. Here is the requirement summary:
> - secondary groups should be sent in the the FUSE header when the
> filesystem requested it at init time, because that is the simpliest way
> of doing it.
> - the FUSE header must be able to cope with up to NGROUPS_MAX groups
> - we do not want to send a fixed length array with NGROUPS_MAX slots,
> because Linux NGROUPS_MAX is 65536, which is huge
> - Fixed length header is highly desirable for performances optimization
> We could have a secondary group list with a variable number of slots, but
> with a minimum. The filesystem would set that minimum in fuse_init_out.
> When there are less group that this minimum, the header has a fixed
> length, which allows optimizations. If there are more groups than the
> minimum, the header gets bigger and all groups are sent. That situation
> kills optimization of write operations, but the filesystem can be
> configured to request a higher minimum group slots to works that around.
This is basically a series of hacks to make it confirm to the
Why not just make a new syscall instead?
int getgroupsbypid(pid_t pid, size_t size, gid_t list);