[systemd-devel] [PATCH 2/2] policy: make policy checks work across user namespaces

Daniel Mack daniel at zonque.org
Mon Sep 8 06:27:42 PDT 2014


On 09/08/2014 03:18 PM, Djalal Harouni wrote:
>   * This is the internal version of struct kdbus_policy_db_access.
> @@ -51,7 +52,8 @@ struct kdbus_policy_db_cache_entry {
>  struct kdbus_policy_db_entry_access {
>  	u8 type;	/* USER, GROUP, WORLD */
>  	u8 access;	/* OWN, TALK, SEE */
> -	u64 id;		/* uid, gid, 0 */
> +	kuid_t uid;	/* global uid */
> +	kgid_t gid;	/* global gid */
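
Review bot: in struct kdbus_policy_db_entry_access, the added uid and gid members are both carried by every entry even though the type field (USER, GROUP, WORLD) selects at most one of them, and the removed comment's "0" case for WORLD entries is no longer documented anywhere in the struct. Suggest saying in the member comments which field is valid for each type and what a WORLD entry holds, and consider placing kuid_t uid and kgid_t gid in a union so an entry cannot hold both.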

Such an entry can only either be referring to a user or group rule,
determined by the 'type' field. Hence, having two members in the struct
is overkill. I understand you did this to have the real kernel types in
place, but we can put the two things in a union, right?

The rest looks good!


Thanks,
Daniel


