On Tue, Jul 06, 2004 at 06:18:12AM -0700, Duncan wrote:
> Greg KH posted <20040705200509.GB18900@×××××.com>, excerpted below, on
> Mon, 05 Jul 2004 13:05:09 -0700:
>
> > On Mon, Jul 05, 2004 at 09:33:34AM -0700, Duncan wrote:
> >> That's not a sufficient test. Mainline 2.6 kernels have standard Linux
> >> security capabilities broken out into their own module, now. Thus, it
> >> can be compiled in as traditional, compiled as a module (my
> >> configuration, with it specifically loaded at boot, since the kernel
> >> isn't smart enough to auto-load it on its own, yet)
> >
> > And how would you expect such an "auto-load" system to work for the
> > capabilities module?
>
> I really don't know. I really don't know how the kernel knows to load a
> LOT of the modules, but it does.

It knows how to "autoload" modules 2 different ways:
  - A hardware device is added to the system, which generates a
    hotplug event and that causes the driver that can control the
    device to be loaded. See the linux-hotplug.sf.net web site
    for some (pretty old) information about this, or a paper about
    how it all works (a bit old, but it still happens the same
    way) is at:
      http://www.kroah.com/linux/talks/ols_2001_hotplug_paper/hotplug.ps
    with some slides from my presentation about this at:
      http://www.kroah.com/linux/talks/ols_2001_hotplug_talk/html

  - a device node is opened, and there is no driver that is
    associated with it. This causes the kernel to try to load
    any module that says it will support that device. Now, this
    method is going out of style, as most major/minor numbers
    associated with a device node are not directly mapped to a
    driver (like for all pci devices). If you use udev, you can
    not do this kind of loading, as the device node is not present
    for the kernel to determine it in the first place.

Now before you think about autoloading the capabilities module the second
way mentioned above, grep the kernel source tree for the capable()
function. Yeah, it's called _everywhere_ whenever you do pretty much
_anything_.

So sorry, we can't autoload the capabilities module right now, and I
don't see it happening in the future. :(

> BTW, thanks for the reply. It's been interesting at times, watching
> people respond to your posts, not having /any/ idea that you ARE one of
> the kernel developers, indeed, UDEV wouldn't be the same without you. <g>
> You don't wear it on your sleeve, or in a sig, like some would, and your
> name doesn't quite stand out like "Linus" would. =:^)

Shhh, don't blow my cover :)

Hope this helps,

greg k-h

--
gentoo-dev@g.o mailing list
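
The thread's point is that a capabilities test has to handle three cases (compiled in, built as a module, not configured), and that a module build is only active if something loaded it explicitly at boot. The following check is an added example, not code from either poster: it classifies those cases from a kernel config file and a /proc/modules-format listing. The option name CONFIG_SECURITY_CAPABILITIES and the module name "capability" are assumptions taken from 2.6-era mainline kernels and are not stated in the thread; the sample files are constructed.

```shell
#!/bin/sh
# Added example: classify how the 2.6-era capabilities module is available.
# Assumed names (not given in the thread): CONFIG_SECURITY_CAPABILITIES and
# a module called "capability".

# cap_state CONFIG_FILE MODULES_FILE
# Prints: builtin | module-loaded | module-missing | absent
cap_state() {
    opt=$(sed -n 's/^CONFIG_SECURITY_CAPABILITIES=\([ym]\)$/\1/p' "$1")
    case $opt in
        y) echo builtin ;;
        m) # Never autoloaded: no hotplug event fires for it and there is
           # no device node to open, so it must be loaded explicitly.
           if grep -q '^capability ' "$2"; then
               echo module-loaded
           else
               echo module-missing
           fi ;;
        *) echo absent ;;   # "# CONFIG_... is not set", or option not present
    esac
}

# Constructed sample inputs (not captured from a real system).
write_samples() {
    printf 'CONFIG_SECURITY=y\nCONFIG_SECURITY_CAPABILITIES=m\n' > "$1/config.mod"
    printf 'CONFIG_SECURITY=y\nCONFIG_SECURITY_CAPABILITIES=y\n' > "$1/config.builtin"
    printf 'CONFIG_SECURITY=y\n# CONFIG_SECURITY_CAPABILITIES is not set\n' > "$1/config.off"
    printf 'usbcore 104164 0 - Live 0xf8a7c000\ncapability 3208 0 - Live 0xf8a5e000\n' > "$1/modules.with"
    printf 'usbcore 104164 0 - Live 0xf8a7c000\n' > "$1/modules.without"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "module built, loaded at boot: $(cap_state "$tmp/config.mod" "$tmp/modules.with")"
echo "module built, never loaded:   $(cap_state "$tmp/config.mod" "$tmp/modules.without")"
echo "compiled in:                  $(cap_state "$tmp/config.builtin" "$tmp/modules.without")"
echo "not configured:               $(cap_state "$tmp/config.off" "$tmp/modules.without")"
rm -rf "$tmp"
```

On a running system the two arguments would be a decompressed copy of the kernel configuration and /proc/modules.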