Re: Capabilities help

From: Chris Wright
Date: Tue Jan 13 2004 - 20:08:22 EST


* john moser (bluefoxicy@xxxxxxxxx) wrote:
> I know this is working, because I checked my code over, plus the double
> chroot / fails. I can still load modules, change the system time,
> and administrate the network.

First, are you sure you dropped those particular bits? Assuming you are,
what's your .config look like (esp. CONFIG_SECURITY_*)? Can you show me
that your process is dropping a capability (say from /proc/<pid>/status),
and that the capability is still enabled?

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
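
An added example (not part of the original message, and not code from either poster): a small C program that performs the check asked for above, parsing a capability set from /proc/<pid>/status text and reporting which of the capabilities behind network administration, module loading, chroot and time setting are still present. The status text is a constructed sample and the function names are hypothetical; the bit numbers are those defined in <linux/capability.h>.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers as defined in <linux/capability.h>. */
static const struct { int bit; const char *name; } WATCHED[] = {
    {12, "CAP_NET_ADMIN"}, {16, "CAP_SYS_MODULE"},
    {18, "CAP_SYS_CHROOT"}, {25, "CAP_SYS_TIME"},
};

/* Constructed sample of /proc/<pid>/status: bit 18 cleared, rest still set. */
static const char SAMPLE_STATUS[] =
    "Name:\tdaemon\n"
    "CapInh:\t00000000\n"
    "CapPrm:\tfffbffff\n"
    "CapEff:\tfffbffff\n";

/* Find "<field>:" at the start of a line and parse its hex mask; 0 on success. */
int read_cap_mask(const char *status, const char *field, uint64_t *mask)
{
    size_t n = strlen(field);
    for (const char *p = status; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL) {
        if (strncmp(p, field, n) != 0 || p[n] != ':')
            continue;
        const char *v = p + n + 1;
        while (*v == ' ' || *v == '\t')
            v++;
        if (!isxdigit((unsigned char)*v))
            return -1;              /* empty or malformed value */
        *mask = strtoull(v, NULL, 16);
        return 0;
    }
    return -1;                      /* field not present */
}

/* Bitmask over WATCHED[] indices still set in the named set, or -1 on error. */
int watched_still_set(const char *status, const char *field)
{
    uint64_t mask;
    int hits = 0;
    if (read_cap_mask(status, field, &mask) != 0)
        return -1;
    for (size_t i = 0; i < sizeof WATCHED / sizeof WATCHED[0]; i++)
        if ((mask >> WATCHED[i].bit) & 1) {
            printf("%s: %s still set\n", field, WATCHED[i].name);
            hits |= 1 << i;
        }
    return hits;
}

int main(void) { return watched_still_set(SAMPLE_STATUS, "CapEff") < 0; }
```

To check a live process, read /proc/<pid>/status into a buffer and pass it in place of SAMPLE_STATUS.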