On Mon, Aug 7, 2017 at 12:27 PM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
> On Fri, 2017-08-04 at 10:49 -0400, Olga Kornievskaia wrote:
>> Allow a user to call into the file system and ask to destroy FS
>> credentials. For instance, when the user logs out after using
>> a kerberized NFS share, he destroys Kerberos credentials but NFS
>> credentials remain valid until the gss context expires. Allow
>> the user (or things like pam) to trigger destruction of such
>> credentials.
>>
>> A userland application would do:
>>
>>   fd = open("/mnt", O_DIRECTORY|O_RDONLY);
>>   syscall(_NR_destroy_creds, fd);
>>
>> v2: fixing a hasty IS_DIR check, definition of __NR_destroy_creds
>> and order of the patches
>>
>> Olga Kornievskaia (3):
>>   VFS adding destroy_creds call
>>   SUNRPC mark user credentials destroyed
>>   NFS define vfs destroy_creds functions
>>
>>  arch/x86/entry/syscalls/syscall_32.tbl |  1 +
>>  arch/x86/entry/syscalls/syscall_64.tbl |  1 +
>>  fs/nfs/dir.c                           |  8 ++++++++
>>  fs/read_write.c                        | 22 ++++++++++++++++++++++
>>  include/linux/fs.h                     |  2 ++
>>  include/linux/sunrpc/auth.h            |  5 +++++
>>  include/linux/syscalls.h               |  2 +-
>>  include/uapi/asm-generic/unistd.h      |  4 +++-
>>  kernel/sys_ni.c                        |  1 +
>>  net/sunrpc/auth.c                      |  9 +++++++++
>>  net/sunrpc/auth_generic.c              | 15 +++++++++++++++
>>  net/sunrpc/auth_gss/auth_gss.c         |  3 +++
>>  12 files changed, 71 insertions(+), 2 deletions(-)
>>
>
> I think I'd like to see a proposed manpage for this syscall.
> And better CC linux-api...
> How do you expect this syscall to be used by userland? What will call it
> and under what circumstances?
>
> Also, this looks at first glance like a single-purpose, single-
> filesystem call. Would this have any purpose at all outside of NFS?
> Would this be usable with CIFS or Ceph in some fashion?
>
> --
> Jeff Layton <jlayton@xxxxxxxxxx>