Chris Wright <[EMAIL PROTECTED]> writes:
> * Alexander Nyberg ([EMAIL PROTECTED]) wrote:
>> I can see useful scenarios of having the possibility of capabilities per
>> inode (it appears the xattr way wins somewhat in the previous
>> discussion).
>
> It's how it should be done.
I agree to disagree
> > > It was meant to work with capabilities in the filesystem like setuid bits.
> > > So the patches that have floated around from myself, Andy Lutomirski
> > > and Alex Nyberg are attempts to make something half-way sane out of the
> > > mess. The trouble is then convincing yourself that it's no
Russell King, the latest person to notice defects, writes:
> However, the way the kernel is set up today, this seems
> impossible to achieve, which tends to make the whole
> idea of capabilities completely and utterly useless.
>
> How is this stuff supposed to work? Are my ideas of
> what's suppos
* Alexander Nyberg ([EMAIL PROTECTED]) wrote:
> On Tue 2005-03-15 at 14:42 -0800, Chris Wright wrote:
> > It was meant to work with capabilities in the filesystem like setuid bits.
> > So the patches that have floated around from myself, Andy Lutomirski
> > and Alex Nyberg are attempts to make som
On Tue 2005-03-15 at 14:42 -0800, Chris Wright wrote:
> * Russell King ([EMAIL PROTECTED]) wrote:
> > At some point, I decided I'd like to run a certain program non-root
> > with certain capabilities only. I looked at the above two programs
> > and stupidly thought they'd actually allow me to do
* Russell King ([EMAIL PROTECTED]) wrote:
> At some point, I decided I'd like to run a certain program non-root
> with certain capabilities only. I looked at the above two programs
> and stupidly thought they'd actually allow me to do this.
>
> However, the way the kernel is set up today, this see
On Sat, Mar 12, 2005 at 07:21:17PM -0800, Chris Wright wrote:
> * Alexander Nyberg ([EMAIL PROTECTED]) wrote:
> > This makes it possible for a root-task to pass capabilities to
> > nonroot-task across execve. The root-task needs to change its
> > cap_inheritable mask and set prctl(PR_SET_KEEPCAPS,
> > This makes it possible for a root-task to pass capabilities to
> > nonroot-task across execve. The root-task needs to change its
> > cap_inheritable mask and set prctl(PR_SET_KEEPCAPS, 1) to pass on
> > capabilities.
>
> This overloads keepcaps, which could surprise existing users.
curre
Hi!
> This makes it possible for a root-task to pass capabilities to
> nonroot-task across execve. The root-task needs to change its
> cap_inheritable mask and set prctl(PR_SET_KEEPCAPS, 1) to pass on
> capabilities.
> At execve time the capabilities will be passed on to the new
> nonroot-task a
* Alexander Nyberg ([EMAIL PROTECTED]) wrote:
> This makes it possible for a root-task to pass capabilities to
> nonroot-task across execve. The root-task needs to change its
> cap_inheritable mask and set prctl(PR_SET_KEEPCAPS, 1) to pass on
> capabilities.
This overloads keepcaps, which could
10 matches