| 1 |
On Tue, Jul 06, 2004 at 06:18:12AM -0700, Duncan wrote: |
| 2 |
> Greg KH posted <20040705200509.GB18900@×××××.com>, excerpted below, on |
| 3 |
> Mon, 05 Jul 2004 13:05:09 -0700: |
| 4 |
> |
| 5 |
> > On Mon, Jul 05, 2004 at 09:33:34AM -0700, Duncan wrote: |
| 6 |
> >> That's not a sufficient test. Mainline 2.6 kernels have standard Linux |
| 7 |
> >> security capabilities broken out into their own module, now. Thus, it |
| 8 |
> >> can be compiled in as traditional, compiled as a module (my |
| 9 |
> >> configuration, with it specifically loaded at boot, since the kernel |
| 10 |
> >> isn't smart enough to auto-load it on its own, yet) |
| 11 |
> > |
| 12 |
> > And how would you expect such a "auto-load" system to work for the |
| 13 |
> > capabilities module? |
| 14 |
> |
| 15 |
> I really don't know. I really don't know how the kernel knows to load a |
| 16 |
> LOT of the modules, but it does. |
| 17 |
|
| 18 |
It knows how to "autoload" modules 2 different ways: |
| 19 |
- A hardware device is added to the system, which generates a |
| 20 |
hotplug event and that causes the driver that can control the |
| 21 |
device to be loaded. See the linux-hotplug.sf.net web site |
| 22 |
for some (pretty old) information about this, or a paper about |
| 23 |
how it all works (a bit old, but it still happens the same |
| 24 |
way) is at: |
| 25 |
http://www.kroah.com/linux/talks/ols_2001_hotplug_paper/hotplug.ps |
| 26 |
with some slides from my presentation about this at: |
| 27 |
http://www.kroah.com/linux/talks/ols_2001_hotplug_talk/html |
| 28 |
|
| 29 |
- a device node is opened, and there is no driver that is |
| 30 |
associated with it. This causes the kernel try try to load |
| 31 |
any module that says it will support that device. Now, this |
| 32 |
method is going out of style, as most major/minor numbers |
| 33 |
associated with a device node are not directly mapped to a |
| 34 |
driver (like for all pci devices). If you use udev, you can |
| 35 |
not do this kind of loading, as the device node is not present |
| 36 |
for the kernel to determine it in the first place. |
| 37 |
|
| 38 |
Now before you think that autoloading the capabilities module the second |
| 39 |
way mentioned above, grep the kernel source tree for the capable() |
| 40 |
function. Yeah it's called _everywhere_ whenever you do pretty much |
| 41 |
_anything_. |
| 42 |
|
| 43 |
So sorry, we can't autoload the capabilities module right now, and I |
| 44 |
don't see it happening in the future. :( |
| 45 |
|
| 46 |
> BTW, thanks for the reply. It's been interesting at times, watching |
| 47 |
> people respond to your posts, not having /any/ idea that you ARE one of |
| 48 |
> the kernel developers, indeed, UDEV wouldn't be the same without you. <g> |
| 49 |
> You don't wear it on your sleeve, or in a sig, like some would, and your |
| 50 |
> name doesn't quite stand out like "Linus" would. =:^) |
| 51 |
|
| 52 |
Shhh, don't blow my cover :) |
| 53 |
|
| 54 |
Hope this helps, |
| 55 |
|
| 56 |
greg k-h |
| 57 |
|
| 58 |
-- |
| 59 |
gentoo-dev@g.o mailing list |
Archives