On Fri, Sep 18, 2015 at 03:41:10PM -0700, Andy Zhou wrote:
> On Fri, Sep 18, 2015 at 12:40 PM, Ben Pfaff <b...@nicira.com> wrote:
> > I'm concerned that there are, after this patch, two different ways to
> > switch to a new uid and gid on the same system, one of them used by some
> > daemons and the other by other daemons, and that in some cases the
> > method used by some daemons just won't be supported and will abort.
> > That kind of complexity is going to cause confusion and in a security
> > context that means it will cause security holes.  What can we do to
> > reduce the complexity?  My suggestion is that we should always use
> > libcap-ng in all cases on Linux.  Then it's less nuanced and easier to
> > explain and I think that it's more likely to be used correctly in
> > practice.
> 
> Sure, makes sense.  I will use libcap-ng on Linux, setresuid() for
> other Unix platforms.  The Windows platform should not accept the
> --user option, at least not until it is supported on that platform.

Perfect!  Thank you.