> > _IF_ you go for ext2-only solution, you may as well add capabilities
> > into ext2 directly.
>
> No, the stickable solution also has the nice property of working with
> current tools right away (and I didn't explain this before). We
I believe that immutable bit is NOT currently supported by tar. So
your solution does not work right away. Aha. Forgoet what I said. You
are right - you want kernel to change _both_ bits at one request,
which will work. Nice.
> to change the kernel's behavior wrt setting the sticky bit. Under this
> scheme, setting the sticky bit is a priviledged operation requiring
> CAP_SETFCAP. If the current process has this cap raised, the kernel will
> comply by setting _both_ the sticky bit and the immutable bit; otherwise,
> neither gets set. This way, tar, rpm, dpkg, etc... can all be made to
> work fine by just setting their inheritable bits properly.
>
> > Well - it changes something. You'll have to go out and tell everyone
> > "stickybit + immutable is deadly combination". Many times.
>
> Yes, but consider _who_ will be the pioneers to first check the "CAP-ELF
> support (experimental)" box in kernel configuration. The help should say
> "Don't check this box without knowing what you're doing; it completely
> changes the UNIX security model. For documentation, see..."
Yes. And with my suid scheme, I could just compile it into kernel
unconditionally, and would not need to tell anyone. See the
difference?
Pavel
-- The best software in life is free (not shareware)! Pavel GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/