Hi Serge,

On Fri, Mar 05, 2010 at 02:56:07PM -0600, Serge E. Hallyn wrote:
> Privileged syslog operations currently require CAP_SYS_ADMIN. Split
> this off into a new CAP_SYSLOG privilege which we can sanely take away
> from a container through the capability bounding set.

Seems like a good idea, but it'll require code changes in libcap2, libcap-ng, as well as manpages. I support the idea -- more stuff needs to be extracted from CAP_SYS_ADMIN, but this is a nice distinct subsystem to do now.

Acked-By: Kees Cook <[email protected]>

--
Kees Cook
Ubuntu Security Team
_______________________________________________
Containers mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/containers
_______________________________________________
Devel mailing list
[email protected]
https://openvz.org/mailman/listinfo/devel
