Re: [PATCH] Implement file posix capabilities
From: Chris Friedhoff
Date: Wed Nov 29 2006 - 05:30:06 EST
I use this patch with 2.6.18.3.
patching: ok
configuring: ok
compiling: ok
installing: ok
running: ok
tested with httpd, smbd, nmbd, named, cupsd, ping, traceroute,
modprobe, traceroute, ntpdate, xinit, killall, eject, dhcpd, route,
qemu: ok
I use this patch as documented: http://www.friedhoff.org/fscaps.html
I also tested the patched kernel with "CONFIG_SECURITY_FS_CAPABILITIES
is not set" and xinit kills X perfectly, when the GUI is stopped.
Any other tests that might be helpful?
The webpage is updated.
Chris
On Mon, 27 Nov 2006 11:07:40 -0600
"Serge E. Hallyn" <serue@xxxxxxxxxx> wrote:
> From: Serge E. Hallyn <serue@xxxxxxxxxx>
> Subject: [PATCH 1/1] Implement file posix capabilities
>
> Implement file posix capabilities. This allows programs to be given a
> subset of root's powers regardless of who runs them, without having to use
> setuid and giving the binary all of root's powers.
>
> This version works with Kaigai Kohei's userspace tools, found at
> http://www.kaigai.gr.jp/index.php. For more information on how to use this
> patch, Chris Friedhoff has posted a nice page at
> http://www.friedhoff.org/fscaps.html.
>
> Changelog:
> Nov 27:
> Incorporate fixes from Andrew Morton
> (security-introduce-file-caps-tweaks and
> security-introduce-file-caps-warning-fix)
> Fix Kconfig dependency.
> Fix change signaling behavior when file caps are not compiled in.
- snip -
--------------------
Chris Friedhoff
chris@xxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/