LinuxQuestions.org
Old 08-19-2004, 11:41 PM   #1
toubo
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Rep: Reputation: 0
How to enable linux filesystem capabilities for kernel 2.24.18


I just wonder if anybody knows how to enable the filesystem capabilities in RedHat Linux 8.0 (Kernel 2.24.18)? To be more specific, I would like to be able to raise the capabilities of any non-root-owned executable files to perform some specific task such as mlock.

I have tried the kernel patch from "Olaf Dietsche" but it seems that his patch is only for kernel 2.24.3.

Any suggestion or hint would be much appreciated.

Thanks in advance,

-=Toubo=-
 
Old 08-20-2004, 03:01 AM   #2
amosf
Senior Member
 
Registered: Jun 2004
Location: Australia
Distribution: Mandriva/Slack - KDE
Posts: 1,672

Rep: Reputation: 46
I think that's a 2.4.18 kernel maybe? But I'm not sure what you are trying to do?
 
Old 08-20-2004, 07:05 AM   #3
motub
Senior Member
 
Registered: Sep 2003
Location: The Netherlands
Distribution: Gentoo (main); SuSE 9.3 (fallback)
Posts: 1,607

Rep: Reputation: 46
Is it not possible to upgrade your kernel to 2.24.3, then? Or even to the 2.4 series, which might have this capability inbuilt?
 
Old 08-20-2004, 07:28 AM   #4
amosf
Senior Member
 
Registered: Jun 2004
Location: Australia
Distribution: Mandriva/Slack - KDE
Posts: 1,672

Rep: Reputation: 46
There is no kernel 2.24.18 or 2.24.3? RH8 came with 2.4.18 apparently.

I don't know what you are trying to achieve really? I read some of the Olaf Dietsche stuff, but I guess what would be helpful to everyone would be if you said exactly what you wanted to do and what apps you wanted to run, but not as root, etc?
 
Old 08-20-2004, 07:47 AM   #5
motub
Senior Member
 
Registered: Sep 2003
Location: The Netherlands
Distribution: Gentoo (main); SuSE 9.3 (fallback)
Posts: 1,607

Rep: Reputation: 46
Yes, I got it that RH8 most likely came with 2.4.18 (maybe the extra "2" was a typo), but there are still a few RH8 repositories around somewhere, and I would imagine that those might well contain a few kernel upgrades from the time that RH8 was current.

I don't know anything about this either, but given the definition of mlock
Quote:
NAME

mlock, munlock - lock or unlock a range of process address space (REALTIME)

SYNOPSIS


#include <sys/mman.h>

int mlock(const void * addr, size_t len);
int munlock(const void * addr, size_t len);



DESCRIPTION

The function mlock() causes those whole pages containing any part of the address space of the process starting at address addr and continuing for len bytes to be memory resident until unlocked or until the process exits or execs another process image. The implementation may require that addr be a multiple of {PAGESIZE}.

The function munlock() unlocks those whole pages containing any part of the address space of the process starting at address addr and continuing for len bytes, regardless of how many times mlock() has been called by the process for any of the pages in the specified range. The implementation may require that addr be a multiple of the {PAGESIZE}.


If any of the pages in the range specified to a call to munlock() are also mapped into the address spaces of other processes, any locks established on those pages by another process are unaffected by the call of this process to munlock(). If any of the pages in the range specified by a call to munlock() are also mapped into other portions of the address space of the calling process outside the range specified, any locks established on those pages via the other mappings are also unaffected by this call.


Upon successful return from mlock(), pages in the specified range will be locked and memory resident. Upon successful return from munlock(), pages in the specified range will be unlocked with respect to the address space of the process. Memory residency of unlocked pages is unspecified.


The appropriate privilege is required to lock process memory with mlock().

it would appear that it's a question of attempting to increase functionality of the kernel, without upgrading it to the point of possible breakage.

Although admittedly, if I needed this functionality for some reason, I'd be giving serious thought to upgrading from RH8. But maybe that's impossible at this time, or for this box (maybe it's a server).
 
Old 08-20-2004, 08:25 AM   #6
amosf
Senior Member
 
Registered: Jun 2004
Location: Australia
Distribution: Mandriva/Slack - KDE
Posts: 1,672

Rep: Reputation: 46
Sorry, it's late here and at a glance I thought your 'motub' tag looked a lot like 'toubo' tag... Well it has most of the same letters

I didn't look hard and thought you were the original guy

I was just trying to figure out what he was trying to achieve and see if there was some other simple way around it.
 
Old 08-20-2004, 09:11 AM   #7
toubo
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Original Poster
Rep: Reputation: 0
Sorry for the confusion, it's indeed a typo. The kernel that I am in trouble with is 2.4.18. Since "Olaf Dietsche"'s filesystem capabilities kernel patch is only for 2.4.3, it fails to patch a much newer version of the kernel. I can't change the version of the kernel for now since there are some hardware drivers that require this version of the kernel.

What I am trying to achieve here is to be able to give my application a special privilege (capabilities) so that it can be run by anybody (as a non-root-owned process) while having capabilities such as mlock() and sched_setscheduler(). I have tried the sudo command but it really made the process run as root and the files generated by my application became root-owned as well. This is not desired since the user who ran the application can no longer manipulate the generated files.

In the meantime, I have patched the kernel to enable the "CAP_SETPCAP" capability and I have created a root-owned process that gives capabilities to another process upon request. Again, this is not desired since it requires every single application that needs a special capability to be patched. It's still much preferable if the kernel can recognize the capabilities that a root user sets on an application, and enable these capabilities for the application's process regardless of who ran the application.
 
Old 08-20-2004, 09:18 AM   #8
toubo
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Original Poster
Rep: Reputation: 0
Hi Motub,

Based on what you said:
"Although admittedly, if I needed this functionality for some reason, I'd be giving serious thought to upgrading from RH8..."

Are you suggesting that a newer version of RedHat Linux or the kernel will have the filesystem capabilities? I thought that it's still debatable and I heard that these capabilities won't be put in kernel 2.6 as well. Please correct me if I am wrong.
 
Old 08-20-2004, 10:09 AM   #9
toubo
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Original Poster
Rep: Reputation: 0
In addition, I have tried to set the s bit (chmod a+s app_name) but the application still won't have enough privilege to use the mlock().
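
Added example, not part of the thread: a small C check for whether a process actually holds the capabilities that the calls named above depend on, by decoding the CapEff mask from /proc/<pid>/status. The bit numbers come from <linux/capability.h> (CAP_IPC_LOCK for mlock(), CAP_SYS_NICE for real-time sched_setscheduler()); the function names and the SAMPLE text are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>. */
#define CAP_IPC_LOCK_BIT 14 /* mlock() */
#define CAP_SYS_NICE_BIT 23 /* sched_setscheduler() with real-time policies */

/* Constructed sample: a process whose effective set holds only the two bits above. */
static const char SAMPLE[] = "Name:\tapp\nCapPrm:\t00804000\nCapEff:\t00804000\n";

/* Find "<field>:<hex mask>" at the start of a line; 0 on success, -1 otherwise. */
int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, flen) == 0 && p[flen] == ':') {
            const char *v = p + flen + 1;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1; /* empty or malformed value */
            *mask = strtoull(v, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n'); /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* Bit 0 set: CAP_IPC_LOCK not effective. Bit 1 set: CAP_SYS_NICE not effective. -1: no CapEff line. */
int missing_rt_caps(const char *status)
{
    uint64_t eff;
    if (parse_cap_field(status, "CapEff", &eff) != 0) return -1;
    return (((eff >> CAP_IPC_LOCK_BIT) & 1) ? 0 : 1) | (((eff >> CAP_SYS_NICE_BIT) & 1) ? 0 : 2);
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    printf("sample: %d  this process: %d\n", missing_rt_caps(SAMPLE), missing_rt_caps(buf));
    return 0;
}
```

A result of 0 means both capabilities are in the effective set; running the check inside the application under each launch method (sudo, a capability-granting helper, the s bit) shows what that method really grants.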
 
  

