• Iulia Manda's avatar
    kernel: conditionally support non-root users, groups and capabilities · 2813893f
    Iulia Manda authored
    There are a lot of embedded systems that run most or all of their
    functionality in init, running as root:root.  For these systems,
    supporting multiple users is not necessary.
    
    This patch adds a new symbol, CONFIG_MULTIUSER, that makes support for
    non-root users, non-root groups, and capabilities optional.  It is enabled
    under CONFIG_EXPERT menu.
    
    When this symbol is not defined, UID and GID are zero in any possible case
    and processes always have all capabilities.
    
    The following syscalls are compiled out: setuid, setregid, setgid,
    setreuid, setresuid, getresuid, setresgid, getresgid, setgroups,
    getgroups, setfsuid, setfsgid, capget, capset.
    
    Also, groups.c is compiled out completely.
    
    In kernel/capability.c, capable function was moved in order to avoid
    adding two ifdef blocks.
    
    This change saves about 25 KB on a defconfig build.  The most minimal
    kernels have total text sizes in the high hundreds of kB rather than
    low MB.  (The 25k goes down a bit with allnoconfig, but not that much.
    
    The kernel was booted in Qemu.  All the common functionalities work.
    Adding users/groups is not possible, failing with -ENOSYS.
    
    Bloat-o-meter output:
    add/remove: 7/87 grow/shrink: 19/397 up/down: 1675/-26325 (-24650)
    
    [akpm@linux-foundation.org: coding-style fixes]
    Signed-off-by: default avatarIulia Manda <iulia.manda21@gmail.com>
    Reviewed-by: default avatarJosh Triplett <josh@joshtriplett.org>
    Acked-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
    Tested-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
    Reviewed-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    2813893f
Name
Last commit
Last update
..
apparmor Loading commit data...
integrity Loading commit data...
keys Loading commit data...
selinux Loading commit data...
smack Loading commit data...
tomoyo Loading commit data...
yama Loading commit data...
Kconfig Loading commit data...
Makefile Loading commit data...
capability.c Loading commit data...
commoncap.c Loading commit data...
device_cgroup.c Loading commit data...
inode.c Loading commit data...
lsm_audit.c Loading commit data...
min_addr.c Loading commit data...
security.c Loading commit data...