Okay, I'm trying to summarize this:
 - _without_ the CONFIG_SECURITY_FILE_CAPABILITIES setting, CAP_SETPCAP allows crazy cap-setting silliness, and is disabled by init
 - with CONFIG_SECURITY_FILE_CAPABILITIES, CAP_SETPCAP behaves differently, so it is not disabled by init

What I'd like, to understand this better, is an example of a "vulnerable"
and "safe" behavior.  From there, I can build a kernel both ways, and
verify that CONFIG_SECURITY_FILE_CAPABILITIES is still safe.

Can someone give me an example to use that demonstrates the dangerous
behavior?

-- 
ubuntu kernel removes CAP_SETPCAP
https://bugs.launchpad.net/bugs/95089