Re: Filesystem Capabilities in 2.6?

From: Linus Torvalds (torvalds@transmeta.com)
Date: Sat Nov 02 2002 - 23:54:45 EST

Next message: Oliver Xymoron: "Re: Filesystem Capabilities in 2.6?"
Previous message: Randy.Dunlap: "Re: Kconfig (qt) -> Gconfig (gtk)"
In reply to: Alexander Viro: "Re: Filesystem Capabilities in 2.6?"
Next in thread: Alexander Viro: "Re: Filesystem Capabilities in 2.6?"
Reply: Alexander Viro: "Re: Filesystem Capabilities in 2.6?"
Reply: Jesse Pollard: "Re: Filesystem Capabilities in 2.6?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 2 Nov 2002, Alexander Viro wrote:
>
> No, that's OK -
>
> mount --bind /usr/bin/foo.real /usr/bin/foo.real
> mount -o remount,nosuid /usr/bin/foo.real

Ehh. With the nosuid mount that will remove the effectiveness of the suid
bit (not just the user change - it will also mask off the elevation of the
capabilities), so the bind-mount with the capability mask will now mask
off nothing to start with.

Wouldn't it be much nicer to have:

/usr/bin/foo - no suid bits, no capabilities by default

mount --bind --capability=xx,yy /usr/bin/foo /usr/bin/foo

where the mount actually adds capabilities? Looks more understandable to
me.

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Oliver Xymoron: "Re: Filesystem Capabilities in 2.6?"
Previous message: Randy.Dunlap: "Re: Kconfig (qt) -> Gconfig (gtk)"
In reply to: Alexander Viro: "Re: Filesystem Capabilities in 2.6?"
Next in thread: Alexander Viro: "Re: Filesystem Capabilities in 2.6?"
Reply: Alexander Viro: "Re: Filesystem Capabilities in 2.6?"
Reply: Jesse Pollard: "Re: Filesystem Capabilities in 2.6?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Nov 07 2002 - 22:00:28 EST