Re: [PATCH] CAPABILITIES: remove undefined caps from all processes

2014-07-24 Thread James Morris
On Wed, 23 Jul 2014, Eric Paris wrote: > This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744 > plus fixing it a different way... Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris

Re: [PATCH] CAPABILITIES: remove undefined caps from all processes

2014-07-23 Thread Serge E. Hallyn
Quoting Kees Cook (keesc...@chromium.org): > On Wed, Jul 23, 2014 at 1:49 PM, Eric Paris wrote: > > On Wed, 2014-07-23 at 13:46 -0700, Andy Lutomirski wrote: > >> On 07/23/2014 12:36 PM, Eric Paris wrote: > >> > This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744 > >> > plus f

Re: [PATCH] CAPABILITIES: remove undefined caps from all processes

2014-07-23 Thread Kees Cook
On Wed, Jul 23, 2014 at 1:49 PM, Eric Paris wrote: > On Wed, 2014-07-23 at 13:46 -0700, Andy Lutomirski wrote: >> On 07/23/2014 12:36 PM, Eric Paris wrote: >> > This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744 >> > plus fixing it a different way... >> >> You sent something

Re: [PATCH] CAPABILITIES: remove undefined caps from all processes

2014-07-23 Thread Eric Paris
On Wed, 2014-07-23 at 13:46 -0700, Andy Lutomirski wrote: > On 07/23/2014 12:36 PM, Eric Paris wrote: > > This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744 > > plus fixing it a different way... > > You sent something like this a couple days ago. What changed? right when I

Re: [PATCH] CAPABILITIES: remove undefined caps from all processes

2014-07-23 Thread Andy Lutomirski
On 07/23/2014 12:36 PM, Eric Paris wrote: > This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744 > plus fixing it a different way... You sent something like this a couple days ago. What changed? --Andy > > We found, when trying to run an application from an application whic

Re: [PATCH] CAPABILITIES: remove undefined caps from all processes

2014-07-22 Thread Serge Hallyn
Quoting Andrew Vagin (ava...@parallels.com): > On Mon, Jul 21, 2014 at 04:59:01PM -0400, Eric Paris wrote: > > This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744 > > plus fixing it a different way... > > > > We found, when trying to run an application from an application whic

Re: [PATCH] CAPABILITIES: remove undefined caps from all processes

2014-07-22 Thread Andrew Vagin
On Mon, Jul 21, 2014 at 04:59:01PM -0400, Eric Paris wrote: > This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744 > plus fixing it a different way... > > We found, when trying to run an application from an application which > had dropped privs that the kernel does security che

Re: [PATCH] CAPABILITIES: remove undefined caps from all processes

2014-07-21 Thread Serge E. Hallyn
Quoting Eric Paris (epa...@redhat.com): > This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744 > plus fixing it a different way... > > We found, when trying to run an application from an application which > had dropped privs that the kernel does security checks on undefined > c

Re: [PATCH] CAPABILITIES: remove undefined caps from all processes

2014-07-21 Thread Andy Lutomirski
On 07/21/2014 01:59 PM, Eric Paris wrote: > This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744 > plus fixing it a different way... > > We found, when trying to run an application from an application which > had dropped privs that the kernel does security checks on undefined >