Re: security capabilities on filesystems

From: Lukasz Stelmach
Date: Sun Jan 29 2006 - 19:32:34 EST

Next message: Eric W. Biederman: "Re: 2.6.16-rc1-mm4"
Previous message: Francois Romieu: "Re: [PATCH] dscc4: fix dscc4_init_dummy_skb check"
In reply to: Peter Gordon: "Re: security capabilities on filesystems"
Next in thread: Arjan van de Ven: "Re: security capabilities on filesystems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Peter Gordon wrote:

>>I've poke around for some information but all I got (was this lousy t-shirt)
>>that there is no support for capablities stored on a filesystem. However, I'd
>>like to ask if there are any chances to see this feature soon.
>
> What do you mean exactly? Ext2 (and its journalled cousin, Ext3; I'm
> not certain of other filesystems) can both store POSIX-style Access
> Control Lists (ACLs) and SELinux labeling as part of the inode
> metadata.

Reiserfs, xfs and jfs too.

Yet they all can't store, or I don't know how to set it up, POSIX
capabilities for executables. Those like CAP_NET_RAW or CAP_SYS_RAWIO.
The former is useful for ping the latter (was?) for X11. I know that this
functionality can be achived with SELinux but it's to havy-weight for me.
I'd rather implement BSD seclevels and capabilities.

> Hope this helps.

I am afraid no :-(

Bye.
--
ByÅo mi bardzo miÅo. Czwarta pospolita klÄska, [...]
>Åukasz< JuÅ nie katolicka lecz zÅodziejska. (c)PP

Attachment: signature.asc
Description: OpenPGP digital signature

Next message: Eric W. Biederman: "Re: 2.6.16-rc1-mm4"
Previous message: Francois Romieu: "Re: [PATCH] dscc4: fix dscc4_init_dummy_skb check"
In reply to: Peter Gordon: "Re: security capabilities on filesystems"
Next in thread: Arjan van de Ven: "Re: security capabilities on filesystems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]