5–6 Feb 2018
CERN
Europe/Zurich timezone

User authentication in eosxd: A tale of /proc/pid/environ and kernel deadlocks

6 Feb 2018, 09:30
15m
31/3-004 - IT Amphitheatre (CERN)

Speaker

Georgios Bitzes (CERN)

Description

Supporting multiple parallel users in eosxd requires a mechanism for distinguishing their identities and assigning a different set of credentials to each.

In this presentation, we detail our efforts in implementing the eosxd authentication subsystem based on process environment variables.

However, reading the environment variables of a process (/proc/pid/environ) from within a FUSE daemon comes with a major caveat: the possibility of triggering a deadlock in the Linux kernel. We will outline the root cause of this issue and describe various mitigations and workarounds for preventing it, thus making environment-based authentication in a FUSE daemon feasible.
