These patches add local caching for network filesystems such as NFS and AFS.
The patches can roughly be broken down into a number of sets:
(*) 01-keys-inc-payload.diff
(*) 02-keys-search-keyring.diff
(*) 03-keys-callout-blob.diff
Three patches to the keyring code made to help the CIFS people.
Included because of patches 05-08.
(*) 04-keys-get-label.diff
A patch to allow the security label of a key to be retrieved.
Included because of patches 05-08.
(*) 05-security-current-fsugid.diff
(*) 06-security-separate-task-bits.diff
(*) 07-security-subjective.diff
(*) 08-security-kernel-service.diff
Patches to permit the subjective security of a task to be overridden.
All the security details in task_struct are decanted into a new struct
that task_struct then has two pointers two: one that defines the
objective security of that task (how other tasks may affect it) and one
that defines the subjective security (how it may affect other objects).
Note that I have dropped the idea of struct cred for the moment. With
the amount of stuff that was excluded from it, it wasn't actually any
use to me. However, it can be added later.
Required for cachefiles.
(*) 09-release-page.diff
(*) 10-fscache-page-flags.diff
(*) 11-add_wait_queue_tail.diff
(*) 12-fscache.diff
Patches to provide a local caching facility for network filesystems.
(*) 13-cachefiles-ia64.diff
(*) 14-cachefiles-ext3-f_mapping.diff
(*) 15-cachefiles-write.diff
(*) 16-cachefiles-monitor.diff
(*) 17-cachefiles-export.diff
(*) 18-cachefiles.diff
Patches to provide a local cache in a directory of an already mounted
filesystem.
(*) 19-fscache-nfs.diff
(*) 20-fscache-nfs-mount.diff
(*) 21-fscache-nfs-display.diff
Patches to provide NFS with local caching.
(*) 22-fcrypt-bit-annotate.diff
A fix for AFS.
(*) 23-afs-testsetpageerror.diff
(*) 24-afs-cancel_rejected_write.diff
(*) 25-afs-rejected-writeback.diff
(*) 26-afs-opID.diff
(*) 27-afs-shared-writable-mmap.diff
Patches to provide AFS with improved write support.
(*) 28-fscache-afs.diff
Patches to provide AFS with local caching.
There are some issues with these patches that I'd like advice on:
(1) Is the security override stuff acceptable?
(2) Should the audit context be placed in the task_security struct?
(3) Should the task security context actually be shared by CLONE_THREAD?
(should it be placed in struct thread_group_security).
(4) How to handle superblock sharing in NFS? (I've sent a separate email on
this)
Andrew, Linus, can you please hold off on taking these patches for the moment.
--
A tarball of the patches is available at:
http://people.redhat.com/~dhowells/fscache/patches/nfs+fscache-25.tar.bz2
To use this version of CacheFiles, the cachefilesd-0.9 is also required. It
is available as an SRPM:
http://people.redhat.com/~dhowells/fscache/cachefilesd-0.9-1.fc7.src.rpm
Or as individual bits:
http://people.redhat.com/~dhowells/fscache/cachefilesd-0.9.tar.bz2
http://people.redhat.com/~dhowells/fscache/cachefilesd.fc
http://people.redhat.com/~dhowells/fscache/cachefilesd.if
http://people.redhat.com/~dhowells/fscache/cachefilesd.te
http://people.redhat.com/~dhowells/fscache/cachefilesd.spec
The .fc, .if and .te files are for manipulating SELinux.
David
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
