Re: [PATCH] capabilities: Ambient capability set V1

From: Christoph Lameter
Date: Tue Feb 24 2015 - 10:58:21 EST


On Tue, 24 Feb 2015, Serge E. Hallyn wrote:

> The other way to look at it then is that it's basically as though the
> privileged task (which has CAP_SETFCAP) could've just added fI=full to
> all binaries on the filesystem; instead it's using the ambient set
> so that the risk from fI=full is contained to its own process tree.

The way that our internal patch works is to leave these things alone and
just check the ambient mask in the *capable*() functions. That way the
behavior of the existing cap bits does not change but the ambient caps
stay available. Apps have no surprises.



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
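The two designs discussed above (Serge's "as if fI=full, but scoped to one process tree" and Christoph's "leave the cap bits alone and consult the ambient mask in capable()") differ in where a capability survives execve(). The following userspace model is an added example written for this page; it is not kernel code and not either patch. It traces CAP_NET_BIND_SERVICE (numeric values from linux/capability.h) through four rule sets: the classic pre-ambient rules from capabilities(7), Serge's hypothetical "every binary has fI=full", ambient folded into the exec rules (using the semantics the feature eventually got in capabilities(7), which may not match this V1 patch), and the ambient-in-capable() reading of Christoph's message. That last model carries the ambient mask across a file-capped binary unchanged, which is an assumption: the message does not say how that case is handled, and the comment in the code flags it. Names such as `do_exec`, `model_capable` and `run_scenario`, and the scenario tasks and binaries, are constructed for the example.

```c
/* Constructed model written for this page, not kernel code and not either patch
 * in the thread: traces CAP_NET_BIND_SERVICE across execve() under four rule sets. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
typedef uint64_t capmask_t;
#define CAP_BIT(n)           ((capmask_t)1ULL << (n))
#define CAP_NET_BIND_SERVICE 10   /* numeric values as in <linux/capability.h> */
#define CAP_SYS_ADMIN        21
#define CAP_ALL              (~(capmask_t)0)

struct task_caps { capmask_t permitted, effective, inheritable, bounding, ambient; };
struct file_caps { capmask_t permitted, inheritable; bool effective; };

enum model {
    MODEL_CLASSIC,         /* no ambient set at all */
    MODEL_FI_FULL,         /* Serge's comparison: every binary treated as fI=full */
    MODEL_AMBIENT_EXEC,    /* ambient folded into the execve() rules, as in capabilities(7) */
    MODEL_AMBIENT_CAPABLE  /* exec rules untouched; capable() also consults ambient */
};

/* Pre-ambient execve() transformation as documented in capabilities(7):
 * pP' = (pI & fI) | (fP & bounding), pE' = fE ? pP' : 0, pI' = pI. */
static struct task_caps exec_classic(const struct task_caps *p, const struct file_caps *f)
{
    struct task_caps n = *p;
    n.permitted   = (p->inheritable & f->inheritable) | (f->permitted & p->bounding);
    n.effective   = f->effective ? n.permitted : 0;
    n.inheritable = p->inheritable;
    n.ambient     = 0;
    return n;
}

static struct task_caps do_exec(enum model m, const struct task_caps *p, const struct file_caps *f)
{
    struct file_caps g = *f;
    struct task_caps n;
    if (m == MODEL_FI_FULL)
        g.inheritable = CAP_ALL;             /* "fI=full on all binaries" */
    n = exec_classic(p, &g);
    if (m == MODEL_AMBIENT_EXEC) {
        /* Merged-feature rules: a binary with any file capability clears the
         * ambient set; otherwise it joins pP' and becomes pE' when fE is clear. */
        bool privileged = f->permitted != 0 || f->inheritable != 0;
        n.ambient = privileged ? 0 : p->ambient;
        n.permitted |= n.ambient;
        if (!f->effective)
            n.effective = n.ambient;
    } else if (m == MODEL_AMBIENT_CAPABLE) {
        /* Assumed reading of "leave these things alone": the cap bits follow
         * the classic rules and the ambient mask simply carries across exec,
         * even into a file-capped binary; the message does not cover that case. */
        n.ambient = p->ambient;
    }
    return n;
}

/* What capable(cap) returns: only the ambient-in-capable() model looks past pE. */
static bool model_capable(enum model m, const struct task_caps *t, int cap)
{
    capmask_t bit = CAP_BIT(cap);
    if (m == MODEL_AMBIENT_CAPABLE)
        return ((t->effective | t->ambient) & bit) != 0;
    return (t->effective & bit) != 0;
}

/* Whether the task could raise cap into pE at all (fI=full only yields pP). */
static bool model_available(enum model m, const struct task_caps *t, int cap)
{
    capmask_t bit = CAP_BIT(cap);
    if (m == MODEL_AMBIENT_CAPABLE)
        return ((t->permitted | t->ambient) & bit) != 0;
    return (t->permitted & bit) != 0;
}

struct outcome { bool optin_plain, bystander_plain, optin_filecap; };
/* Constructed scenario: an opted-in task, a bystander that merely has the cap in
 * pI, a plain binary, and a binary carrying fP=CAP_SYS_ADMIN with fE set. */
static struct outcome run_scenario(enum model m)
{
    const capmask_t c = CAP_BIT(CAP_NET_BIND_SERVICE);
    struct task_caps optin     = { c, c, c, CAP_ALL, c };
    struct task_caps bystander = { c, c, c, CAP_ALL, 0 };
    struct file_caps plain     = { 0, 0, false };
    struct file_caps filecap   = { CAP_BIT(CAP_SYS_ADMIN), 0, true };
    struct task_caps a = do_exec(m, &optin, &plain);
    struct task_caps b = do_exec(m, &bystander, &plain);
    struct task_caps s = do_exec(m, &optin, &filecap);
    return (struct outcome){ model_available(m, &a, CAP_NET_BIND_SERVICE),
                             model_available(m, &b, CAP_NET_BIND_SERVICE),
                             model_available(m, &s, CAP_NET_BIND_SERVICE) };
}

int main(void)
{
    for (int m = MODEL_CLASSIC; m <= MODEL_AMBIENT_CAPABLE; m++) {
        struct outcome o = run_scenario((enum model)m);
        printf("model %d: opt-in/plain=%d bystander/plain=%d opt-in/filecap=%d\n",
               m, o.optin_plain, o.bystander_plain, o.optin_filecap);
    }
    return 0;
}
```

Running it shows the containment point from the quoted reply: with fI=full the bystander that merely carries the cap in pI keeps it across a plain exec, whereas in both ambient models only the task that opted in does. The two ambient models part ways on the file-capped binary: the exec-rule variant drops the ambient set there, while the capable()-check variant, as modelled, keeps it available, which is the case a reviewer would want spelled out for the internal patch.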