kernel: conditionally support non-root users, groups and capabilities

There are a lot of embedded systems that run most or all of their functionality in init, running as root:root. For these systems, supporting multiple users is not necessary. This patch adds a new symbol, CONFIG_MULTIUSER, that makes support for non-root users, non-root groups, and capabilities optional. It is enabled under CONFIG_EXPERT menu. When this symbol is not defined, UID and GID are zero in any possible case and processes always have all capabilities. The following syscalls are compiled out: setuid, setregid, setgid, setreuid, setresuid, getresuid, setresgid, getresgid, setgroups, getgroups, setfsuid, setfsgid, capget, capset. Also, groups.c is compiled out completely. In kernel/capability.c, capable function was moved in order to avoid adding two ifdef blocks. This change saves about 25 KB on a defconfig build. The most minimal kernels have total text sizes in the high hundreds of kB rather than low MB. (The 25k goes down a bit with allnoconfig, but not that much. The kernel was booted in Qemu. All the common functionalities work. Adding users/groups is not possible, failing with -ENOSYS. Bloat-o-meter output: add/remove: 7/87 grow/shrink: 19/397 up/down: 1675/-26325 (-24650) [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Iulia Manda <iulia.manda21@gmail.com> Reviewed-by: Josh Triplett <josh@joshtriplett.org> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Tested-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Iulia Manda <iulia.manda21@gmail.com> 2015-04-15 19:16:41 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2015-04-15 19:35:22 -0400
commit: 2813893f8b197a14f1e1ddb04d99bce46817c84a (patch)
tree: 650651e638f867a6bda23e08c70bdd9857d121ca /fs/nfsd
parent: c79574abe2baddf569532e7e430e4977771dd25c (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/nfsd/Kconfig b/fs/nfsd/Kconfig
index 683bf718aead..fc2d108f5272 100644
--- a/fs/nfsd/Kconfig
+++ b/fs/nfsd/Kconfig
@@ -6,6 +6,7 @@ config NFSD
        select SUNRPC
        select EXPORTFS
        select NFS_ACL_SUPPORT if NFSD_V2_ACL
+        depends on MULTIUSER
        help
          Choose Y here if you want to allow other computers to access
          files residing on this system using Sun's Network File System
author	Iulia Manda <iulia.manda21@gmail.com>	2015-04-15 19:16:41 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2015-04-15 19:35:22 -0400
commit	2813893f8b197a14f1e1ddb04d99bce46817c84a (patch)
tree	650651e638f867a6bda23e08c70bdd9857d121ca /fs/nfsd
parent	c79574abe2baddf569532e7e430e4977771dd25c (diff)

diff --git a/fs/nfsd/Kconfig b/fs/nfsd/Kconfig index 683bf718aead..fc2d108f5272 100644 --- a/fs/nfsd/Kconfig +++ b/fs/nfsd/Kconfig
@@ -6,6 +6,7 @@ config NFSD
6	select SUNRPC	6	select SUNRPC
7	select EXPORTFS	7	select EXPORTFS
8	select NFS_ACL_SUPPORT if NFSD_V2_ACL	8	select NFS_ACL_SUPPORT if NFSD_V2_ACL
		9	depends on MULTIUSER
9	help	10	help
10	Choose Y here if you want to allow other computers to access	11	Choose Y here if you want to allow other computers to access
11	files residing on this system using Sun's Network File System	12	files residing on this system using Sun's Network File System