Hello,
Ts'o wrote: >since _obviously_ when root calls setuid(), it never fails, right? Well this really depends on how privileged a certain root user (think of SELinux and others) is. >(2) There was some debate about whether or not this method was the > course of wisdom, James Morris wrote: >Should we be thinking about deprecating and removing capabilities from >Linux? My one half says no. But it needs reworking. Just look what I had to do with the linux source code in order to get this < ftp://ftp.gwdg.de/linux/misc/suser-jengelh/multiadm-1.0.tbz2 > to work as intended - I had to poke really hard on caps stuff to get this module done. And my other half says yes, because it's ironically to give a user all caps and then limit a certain user's permissions using LSM hook functions. So in effect, if you wanted root accounts of varying powers, all of them would need some - or even all - caps so that the code flow can reach the security_*() functions at all, because capable() is done before security_*(). So to get to security_*(), caps must be enabled, which turns a if(!capable(CAP_DAC_OVERRIDE)) return; into, effectively, if(0) return; With regard to _this_, I think it would be best to kill the cap checks, and let a security_* function handle it, in the style of "security/traditional.c". Jan Engelhardt -- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
