[systemd-devel] [PATCH 2/2] policy: make policy checks work across user namespaces
Daniel Mack
daniel at zonque.org
Mon Sep 8 06:27:42 PDT 2014
On 09/08/2014 03:18 PM, Djalal Harouni wrote:
> * This is the internal version of struct kdbus_policy_db_access.
> @@ -51,7 +52,8 @@ struct kdbus_policy_db_cache_entry {
> struct kdbus_policy_db_entry_access {
> u8 type; /* USER, GROUP, WORLD */
> u8 access; /* OWN, TALK, SEE */
> - u64 id; /* uid, gid, 0 */
> + kuid_t uid; /* global uid */
> + kgid_t gid; /* global gid */
Such an entry can only either be referring to a user or group rule,
determined by the 'type' field. Hence, having two members in the struct
is overkill. I understand you did this to have the real kernel types in
place, but we can put the two things in a union, right?
The rest looks good!
Thanks,
Daniel
More information about the systemd-devel
mailing list