Re: Capabilities across execve

From: Olaf Dietsche
Date: Fri Mar 18 2005 - 19:15:45 EST


Chris Wright <chrisw@xxxxxxxx> writes:

> * Alexander Nyberg (alexn@xxxxxxxxx) wrote:
>> I can see useful scenarios of having the possibility of capabilities per
>> inode (it appears the xattr way wins somewhat in the previous
>> discussion).
>
> It's how it should be done.

I agree to disagree :-)

>> Chris, have you seen any capabilities+xattr patches around?
>
> http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4-fcap/

Which is pretty useless, since it doesn't apply to any recent
(> 2.4.3) kernel. If you insist on an xattr-based approach, take
Andy Lutomirski's <http://www.stanford.edu/~luto/linux-fscap/>
patch. It is more recent, a lot smaller and considerably more
understandable (at least for me ;-).

Regards, Olaf.