Linux 单用户模式patch解析

在我之前文章提到Linux 4.1内核支持单用户模式（传送门：https://blog.csdn.net/cui841923894/article/details/81568351），此模式下用户UID和GID均为0同时不再区分用户权限（类root权限），应用于在某些小系统（例如嵌入式系统）。
接下来我们看下这个patch是如何实现内核单用户的。

内核patch解析

patch查看地址：https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2813893f8b197a14f1e1ddb04d99bce46817c84a

1.commit说明

kernel: conditionally support non-root users, groups and capabilities
There are a lot of embedded systems that run most or all of their
functionality in init, running as root:root.  For these systems,
supporting multiple users is not necessary.
在很多嵌入式系统中，他们始终使用root:root用户进行操作。这些系统中，多用户功能显得不是很必需（鸡肋了~）。

This patch adds a new symbol, CONFIG_MULTIUSER, that makes support for
non-root users, non-root groups, and capabilities optional.  It is enabled
under CONFIG_EXPERT menu.
这个patch添加了新的CONFIG_MULTIUSER内核开关，支持non-root users，, non-root groups, and capabilities。

When this symbol is not defined, UID and GID are zero in any possible case
and processes always have all capabilities.
当CONFIG_MULTIUSER关闭（关闭多用户模式），UID和GID均是0，进程拥有所有capabilities拥有的功能。

The following syscalls are compiled out: setuid, setregid, setgid,
setreuid, setresuid, getresuid, setresgid, getresgid, setgroups,
getgroups, setfsuid, setfsgid, capget, capset.
同时系统调用setuid, setregid, setgid,
setreuid, setresuid, getresuid, setresgid, getresgid, setgroups,
getgroups, setfsuid, setfsgid, capget, capset将不再编译（和支持）。

Also, groups.c is compiled out completely.
同时group.c文件不再编译。

In kernel/capability.c, capable function was moved in order to avoid
adding two ifdef blocks.
kernel/capability.c中的capable相关函数也将移除（其实是采用#ifdef来判断进入正常处理还是直接返回）。

This change saves about 25 KB on a defconfig build.  The most minimal
kernels have total text sizes in the high hundreds of kB rather than
low MB.  (The 25k goes down a bit with allnoconfig, but not that much.
这项修改在使用defconfig（内核的默认config）可以节省25KB的内核二进制大小。在小内核的config场景可以节省数百KB空间（小于1MB）。在allnoconfig下节省稍微小于25KB的空间。

The kernel was booted in Qemu.  All the common functionalities work.
Adding users/groups is not possible, failing with -ENOSYS.
在虚拟机启动的系统（验证），基本系统调用都可以正常运行，所有设计添加users/groups的操作都无效，返回-ENOSYS。

Bloat-o-meter output:
add/remove: 7/87 grow/shrink: 19/397 up/down: 1675/-26325 (-24650)

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Iulia Manda <iulia.manda21@gmail.com>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
Acked-by: Geert Uytterhoeven <geert@lin