Re: Capabilities

• Next message: M Sweger: "Re: Kernel v2.2.15pre5 SCSI 2940U2W with AIC7895 boot still broke(withfix)."
• Previous message: Chris Evans: "Re: Capabilities"
• In reply to: Chris Evans: "Re: Capabilities"
• Next in thread: Chris Evans: "Re: Capabilities"
• Reply: Chris Evans: "Re: Capabilities"
• Reply: Pavel Machek: "[PATCH] Re: Capabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 10 Feb 2000, Chris Evans wrote:

> > > I want setuid root programs not to have all capabilites. cap_bound is
> > > not the answer since I still want some programs that are started from
> > > the system initialisation scripts to run with all capabilities.
> >
> > Mmm.. I'd like that too.
>
> You'll get that when the filesystem support for capabilities goes in.
>
> Alternatively, tighten up the bounding set as part of your system
> initialisation scripts.

Read what the man says, Chris. He wants to be able to decree that
setuid programs (for example) don't get CNBS without breaking inetd.

I don't believe that this is functionality for its own sake. If
you think or it as a sysctl which allows you to turn off bits of
SECURE_NO_SETUID_FIXUP.

Matthew.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: M Sweger: "Re: Kernel v2.2.15pre5 SCSI 2940U2W with AIC7895 boot still broke(withfix)."
• Previous message: Chris Evans: "Re: Capabilities"
• In reply to: Chris Evans: "Re: Capabilities"
• Next in thread: Chris Evans: "Re: Capabilities"
• Reply: Chris Evans: "Re: Capabilities"
• Reply: Pavel Machek: "[PATCH] Re: Capabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:18 EST