setgroups() problem w/ arla module loaded

Wed Jun 23 00:49:19 CEST 2004

On Tue, 22 Jun 2004, Harald Barth wrote:

> 
> > Actually, it does not have prebuilt modules for the 2.6.5-7* kernels. Not 
> > a big deal, since I can build them myself...
> 
> Good. With which kernel(s) have you tested the nnpfs module? SMP?

Ok, a report:

- I was not able to build the source RPM.  It makes a few iterations, 
trying to build for all the versions installed on my system:

2.6.4-54.5-smp-mts	(has minor mods to work on my employers VPN)
2.6.5-7.75-smp		(stock)

eventually falling over in the nnpfs module build with a missing 
$(LINUX_VERSION_PATCHLEVEL) value.  I believe this is due to crawling down 
the wrong symlink from /lib/modules/2.6.5-7.75/{build,source}.  Is this a 
SuSE-ism?  I'm afraid I don't understand what's trying to happen there, 
but it's broken a number of external module builds (NVidia and VMware ko's 
to be precise).  Easy fixes, but seems like gratuitous churn nonetheless.

- I updated my CVS source to the latest head.  This built and installed 
without a problem.  After starting Arla, I was unable to authenticate.

Brief aside:  Perhaps I'm just too dense, but I've never had any luck 
getting the Heimdal tools to authenticate with AFS.  I've been using 
'klog' from the OpenAFS RPMs supplied by SuSE. 

The OAFS klog worked with stock arla 0.36.1, but came back with 
authentication failures on the CVS head build.

- I then applied the syscall patch from the source RPM to 0.36.1 and 
rebuilt that source tree.  Once installed, all was well again.  With the 
SMP module I'm able to access both my own cell and my employers.  I'm 
using dynroot, which seems fine.  

Took a while to figure out the AliasDB file (found by grepping the 
sources).  Would it be possible to adopt the same file naming as OpenAFS?  
They call this CellAlias, FWIW.

I'd be glad to try CVS head and/or the latest source RPM if you have any 
patches or suggestions.  Something recent has caused the authentication 
issue.

> 
> > $ iozone auto
> > in an AFS volume.
> 
> Will do.

False alarm.  After reading the warning about ReiserFS and cache, I 
realized this was precisely my issue.  After moving the cache to an ext3 
volume, iozone chugs right along.

> I don't know for sure, but I have the feeling that some of the leading
> names in the kernel development team do not quite understand what this
> AFS thing is all about.

Those of us working for large, multi-national corporations have come to 
appreciate it immensely.

> > Your solution for managing PAGs seems quite simple. Is there some
> > reason that hooking the syscall wouldn't work for OpenAFS?
> 
> The syscall hooking solution is not something that will work forever,
> but today the syscall interface is the one that is used by all the
> utilities. We are currently working on a /proc alternative but there
> are other operating systems which need the developers attention.
> Before a /proc solution can be reality in a prodcution environment,
> compatible changes must be made in OpenAFS, Arla, Heimdal, MIT-krb,
> PAM and maybe more packages.

Looks like some hurdles ahead.  

Steve