mirror of
https://github.com/torvalds/linux
synced 2024-11-05 18:23:50 +00:00
2813893f8b
There are a lot of embedded systems that run most or all of their functionality in init, running as root:root. For these systems, supporting multiple users is not necessary. This patch adds a new symbol, CONFIG_MULTIUSER, that makes support for non-root users, non-root groups, and capabilities optional. It is enabled under CONFIG_EXPERT menu. When this symbol is not defined, UID and GID are zero in any possible case and processes always have all capabilities. The following syscalls are compiled out: setuid, setregid, setgid, setreuid, setresuid, getresuid, setresgid, getresgid, setgroups, getgroups, setfsuid, setfsgid, capget, capset. Also, groups.c is compiled out completely. In kernel/capability.c, capable function was moved in order to avoid adding two ifdef blocks. This change saves about 25 KB on a defconfig build. The most minimal kernels have total text sizes in the high hundreds of kB rather than low MB. (The 25k goes down a bit with allnoconfig, but not that much. The kernel was booted in Qemu. All the common functionalities work. Adding users/groups is not possible, failing with -ENOSYS. Bloat-o-meter output: add/remove: 7/87 grow/shrink: 19/397 up/down: 1675/-26325 (-24650) [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Iulia Manda <iulia.manda21@gmail.com> Reviewed-by: Josh Triplett <josh@joshtriplett.org> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Tested-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
117 lines
3.8 KiB
Text
117 lines
3.8 KiB
Text
config NFSD
|
|
tristate "NFS server support"
|
|
depends on INET
|
|
depends on FILE_LOCKING
|
|
select LOCKD
|
|
select SUNRPC
|
|
select EXPORTFS
|
|
select NFS_ACL_SUPPORT if NFSD_V2_ACL
|
|
depends on MULTIUSER
|
|
help
|
|
Choose Y here if you want to allow other computers to access
|
|
files residing on this system using Sun's Network File System
|
|
protocol. To compile the NFS server support as a module,
|
|
choose M here: the module will be called nfsd.
|
|
|
|
You may choose to use a user-space NFS server instead, in which
|
|
case you can choose N here.
|
|
|
|
To export local file systems using NFS, you also need to install
|
|
user space programs which can be found in the Linux nfs-utils
|
|
package, available from http://linux-nfs.org/. More detail about
|
|
the Linux NFS server implementation is available via the
|
|
exports(5) man page.
|
|
|
|
Below you can choose which versions of the NFS protocol are
|
|
available to clients mounting the NFS server on this system.
|
|
Support for NFS version 2 (RFC 1094) is always available when
|
|
CONFIG_NFSD is selected.
|
|
|
|
If unsure, say N.
|
|
|
|
config NFSD_V2_ACL
|
|
bool
|
|
depends on NFSD
|
|
|
|
config NFSD_V3
|
|
bool "NFS server support for NFS version 3"
|
|
depends on NFSD
|
|
help
|
|
This option enables support in your system's NFS server for
|
|
version 3 of the NFS protocol (RFC 1813).
|
|
|
|
If unsure, say Y.
|
|
|
|
config NFSD_V3_ACL
|
|
bool "NFS server support for the NFSv3 ACL protocol extension"
|
|
depends on NFSD_V3
|
|
select NFSD_V2_ACL
|
|
help
|
|
Solaris NFS servers support an auxiliary NFSv3 ACL protocol that
|
|
never became an official part of the NFS version 3 protocol.
|
|
This protocol extension allows applications on NFS clients to
|
|
manipulate POSIX Access Control Lists on files residing on NFS
|
|
servers. NFS servers enforce POSIX ACLs on local files whether
|
|
this protocol is available or not.
|
|
|
|
This option enables support in your system's NFS server for the
|
|
NFSv3 ACL protocol extension allowing NFS clients to manipulate
|
|
POSIX ACLs on files exported by your system's NFS server. NFS
|
|
clients which support the Solaris NFSv3 ACL protocol can then
|
|
access and modify ACLs on your NFS server.
|
|
|
|
To store ACLs on your NFS server, you also need to enable ACL-
|
|
related CONFIG options for your local file systems of choice.
|
|
|
|
If unsure, say N.
|
|
|
|
config NFSD_V4
|
|
bool "NFS server support for NFS version 4"
|
|
depends on NFSD && PROC_FS
|
|
select NFSD_V3
|
|
select FS_POSIX_ACL
|
|
select SUNRPC_GSS
|
|
select CRYPTO
|
|
select GRACE_PERIOD
|
|
help
|
|
This option enables support in your system's NFS server for
|
|
version 4 of the NFS protocol (RFC 3530).
|
|
|
|
To export files using NFSv4, you need to install additional user
|
|
space programs which can be found in the Linux nfs-utils package,
|
|
available from http://linux-nfs.org/.
|
|
|
|
If unsure, say N.
|
|
|
|
config NFSD_PNFS
|
|
bool "NFSv4.1 server support for Parallel NFS (pNFS)"
|
|
depends on NFSD_V4
|
|
help
|
|
This option enables support for the parallel NFS features of the
|
|
minor version 1 of the NFSv4 protocol (RFC5661) in the kernel's NFS
|
|
server.
|
|
|
|
If unsure, say N.
|
|
|
|
config NFSD_V4_SECURITY_LABEL
|
|
bool "Provide Security Label support for NFSv4 server"
|
|
depends on NFSD_V4 && SECURITY
|
|
help
|
|
|
|
Say Y here if you want enable fine-grained security label attribute
|
|
support for NFS version 4. Security labels allow security modules like
|
|
SELinux and Smack to label files to facilitate enforcement of their policies.
|
|
Without this an NFSv4 mount will have the same label on each file.
|
|
|
|
If you do not wish to enable fine-grained security labels SELinux or
|
|
Smack policies on NFSv4 files, say N.
|
|
|
|
config NFSD_FAULT_INJECTION
|
|
bool "NFS server manual fault injection"
|
|
depends on NFSD_V4 && DEBUG_KERNEL
|
|
help
|
|
This option enables support for manually injecting faults
|
|
into the NFS server. This is intended to be used for
|
|
testing error recovery on the NFS client.
|
|
|
|
If unsure, say N.
|