DragonFly kernel List (threaded) for 2013-03
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]
Re: DragonFly 3.4 release planning
--bcaec54eef8c51a1c304d92a181c
Content-Type: text/plain; charset=ISO-8859-1
On Sat, Mar 30, 2013 at 12:25 PM, Matthew Dillon <
dillon@apollo.backplane.com> wrote:
>
> :> Binaries in /bin and /sbin are compiled statically, which makes them
> unusable
> :> with NSS modules.
> :> This is IMHO the biggest remaining issue with this release.
> :
> :Just curious - hasn't this been the case for some time?
> :And if so / not - why did this become an issue for you now?
> :
> :Not taking one side or another, just wondering about more background info,
> :though I do seem to recall a rather strong position taken *against*
> :dynamic /bin /sbin in this project when FreeBSD switched to dynamic
> :builds in the freebsd ~6.x-7.x era
> :
> :Cheers,
> :
> :- Chris
>
> I think I'm the only one who is really against making /bin and /sbin
> dynamic. I feel kinda silly standing on top of the hill holding up
> the red flag :-(.
>
> I really hate the concept of a /rescue. I could live with a nullfs
> overloading of /bin and /sbin, but so far nobody (including I) has
> thought up a good clean way to do it and still have the safety of
> static binaries in single-user mode.
>
> -Matt
> Matthew Dillon
> <dillon@backplane.com>
>
For the record, both Sascha and I are against it as well.
I think the cleanest solution is to compile in a pam module to kick auth
requests to an auth daemon that is capable of loading nss modules (or even
other pam modules). That said, I have neither verified that this is
absolutely possible within the constraints of the NSS API, nor do I intend
to be the one doing the work, not having any pressing need for NSS myself.
Sam
--bcaec54eef8c51a1c304d92a181c
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra">On Sat, Mar 30, 2013 at 12:25 P=
M, Matthew Dillon <span dir=3D"ltr"><<a href=3D"mailto:dillon@apollo.bac=
kplane.com" target=3D"_blank">dillon@apollo.backplane.com</a>></span> wr=
ote:<br>
<div class=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"margi=
n:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204=
);border-left-style:solid;padding-left:1ex"><br>
:> Binaries in /bin and /sbin are compiled statically, which makes them =
unusable<br>
<div class=3D"im">:> with NSS modules.<br>
:> This is IMHO the biggest remaining issue with this release.<br>
:<br>
:Just curious - hasn't this been the case for some time?<br>
:And if so / not - why did this become an issue for you now?<br>
:<br>
:Not taking one side or another, just wondering about more background info,=
<br>
:though I do seem to recall a rather strong position taken *against*<br>
:dynamic /bin /sbin in this project when FreeBSD switched to dynamic<br>
:builds in the freebsd ~6.x-7.x era<br>
:<br>
:Cheers,<br>
:<br>
:- Chris<br>
<br>
</div>=A0 =A0 I think I'm the only one who is really against making /bi=
n and /sbin<br>
=A0 =A0 dynamic. =A0I feel kinda silly standing on top of the hill holding =
up<br>
=A0 =A0 the red flag :-(.<br>
<br>
=A0 =A0 I really hate the concept of a /rescue. =A0I could live with a null=
fs<br>
=A0 =A0 overloading of /bin and /sbin, but so far nobody (including I) has<=
br>
=A0 =A0 thought up a good clean way to do it and still have the safety of<b=
r>
=A0 =A0 static binaries in single-user mode.<br>
<br>
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
=A0 -Matt<br>
<span class=3D""><font color=3D"#888888">=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 Matthew Dillon<br>
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
=A0 <<a href=3D"mailto:dillon@backplane.com">dillon@backplane.com</a>&g=
t;<br>
</font></span></blockquote></div><br></div><div class=3D"gmail_extra">For t=
he record, both Sascha and I are against it as well.</div><div class=3D"gma=
il_extra"><br></div><div class=3D"gmail_extra">I think the cleanest solutio=
n is to compile in a pam module to kick auth requests to an auth daemon tha=
t is capable of loading nss modules (or even other pam modules). That said,=
I have neither verified that this is absolutely possible within the constr=
aints of the NSS API, nor do I intend to be the one doing the work, not hav=
ing any pressing need for NSS myself.</div>
<div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra" style>Sam</=
div></div>
--bcaec54eef8c51a1c304d92a181c--
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]