IORING_REGISTER_CREDS[_UPDATE]() and credfd_create()?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Jens,

now that we have IORING_FEAT_CUR_PERSONALITY...

How can we optimize the fileserver case now, in order to avoid the
overhead of always calling 5 syscalls before io_uring_enter()?:

 /* gain root again */
 setresuid(-1,0,-1); setresgid(-1,0,-1)
 /* impersonate the user with groups */
 setgroups(num, grps); setresgid(-1,gid,-1); setresuid(-1,uid,-1);
 /* trigger the operation */
 io_uring_enter();

I guess some kind of IORING_REGISTER_CREDS[_UPDATE] would be
good, together with a IOSQE_FIXED_CREDS in order to specify
credentials per operation.

Or we make it much more generic and introduce a credsfd_create()
syscall in order to get an fd for a credential handle, maybe
together with another syscall to activate the credentials of
the current thread (or let a write to the fd trigger the activation
in order to avoid an additional syscall number).

Having just an fd would allow IORING_REGISTER_CREDS[_UPDATE]
to be just an array of int values instead of a more complex
structure to define the credentials.

What do you think?
metze

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux