Re: Capabilities

From: Chris Evans (chris@ferret.lmh.ox.ac.uk)
Date: Thu Feb 10 2000 - 18:54:13 EST


On Thu, 10 Feb 2000, Peter Benie wrote:

> Filesystems without capabilities will exist for a _long_ time, and
> people will want to be able to use them for setuid root programs. How
> about diskless clients mounting their root filesystem over NFS?

Two options: a wrapper, or modify the suid progs to use libcap. Neither
quite has the elegance of proper fs support though :-/

> I haven't really figured out what the bounding set is for. It doesn't
> seem to do anything that couldn't be done trivially by using wrappers
> in inittab to remove capabilities from the inheritable set a la Irix.

I think the inheritance mask is applied _before_ any forced capabilities
on a binary take effect. So you need a system wide catch-all so you can be
confident about your bounding set without having to trawl the disk.

> And I'm puzzled by the capabilities given to init. Why doesn't init
> run with all capabilities? cap_setpcap is a subset of cap_sys_admin
> (because of mknod and /dev/kmem) so I see no point in not making
> setpcap inheritable from init.

I believe that's to discourage use of cap_setpcap rather than it being
perceived as "too powerful". Andrew Morgan had some strong reasons for
this, I'll see if I can dig them out of my mail bucket.

Cheers
Chris
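The point Chris makes about the bounding set (that stripping a capability from the inheritable set in a wrapper cannot stop a binary's forced capabilities, while a bounding set can) is easy to see by modelling the exec-time capability transition. The following is an added example, not code from this thread or from libcap; it uses the transition rule as documented today in capabilities(7), where the bounding set is per-thread. In 2000 the bounding set was a single system-wide mask (cap_bset), which the same formula models as a constant shared by every process. The capability bit numbers match linux/capability.h; the process and file sets, and the three scenario functions, are constructed here for illustration.

```python
from dataclasses import dataclass

# Capability bit numbers as in <linux/capability.h>.
CAP_SETPCAP = 1 << 8
CAP_NET_BIND_SERVICE = 1 << 10
CAP_SYS_ADMIN = 1 << 21
# Toy "full" set: only the three capabilities this model cares about.
ALL_CAPS = CAP_SETPCAP | CAP_NET_BIND_SERVICE | CAP_SYS_ADMIN


@dataclass(frozen=True)
class ProcessCaps:
    """Capability sets of a process (pP, pI, pB, pE) as bitmasks."""
    permitted: int
    inheritable: int
    bounding: int
    effective: int = 0


@dataclass(frozen=True)
class FileCaps:
    """Capability bits stored on a binary (fP, fI, fE)."""
    permitted: int        # "forced" capabilities granted by the file itself
    inheritable: int
    effective: bool = True


def execve_transition(p: ProcessCaps, f: FileCaps) -> ProcessCaps:
    """Apply the capabilities(7) exec rule:
         P'(permitted) = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding))
         P'(effective) = P'(permitted) if F(effective) else 0
       Inheritable and bounding sets survive exec unchanged."""
    new_permitted = (p.inheritable & f.inheritable) | (f.permitted & p.bounding)
    new_effective = new_permitted if f.effective else 0
    return ProcessCaps(
        permitted=new_permitted,
        inheritable=p.inheritable,
        bounding=p.bounding,
        effective=new_effective,
    )


def has(caps: int, cap: int) -> bool:
    return caps & cap == cap


# Constructed binary carrying a forced CAP_SYS_ADMIN (fP) and no fI bits.
FORCED_SYS_ADMIN = FileCaps(permitted=CAP_SYS_ADMIN, inheritable=0)


def wrapper_drops_inheritable_only() -> bool:
    """Wrapper-in-inittab approach: clear CAP_SYS_ADMIN from pI, leave pB full.
    Returns True if the exec'd binary still ends up with CAP_SYS_ADMIN."""
    parent = ProcessCaps(permitted=ALL_CAPS,
                         inheritable=ALL_CAPS & ~CAP_SYS_ADMIN,
                         bounding=ALL_CAPS)
    child = execve_transition(parent, FORCED_SYS_ADMIN)
    return has(child.permitted, CAP_SYS_ADMIN)


def bounding_set_drops() -> bool:
    """Bounding-set approach: remove CAP_SYS_ADMIN from pB; pI may even keep it.
    Returns True if the exec'd binary still ends up with CAP_SYS_ADMIN."""
    parent = ProcessCaps(permitted=ALL_CAPS,
                         inheritable=ALL_CAPS,
                         bounding=ALL_CAPS & ~CAP_SYS_ADMIN)
    child = execve_transition(parent, FORCED_SYS_ADMIN)
    return has(child.permitted, CAP_SYS_ADMIN)


def inheritable_path_needs_file_bit() -> bool:
    """pI alone grants nothing: the binary must also list the cap in fI.
    Returns True if a plain binary (no file caps) gains CAP_NET_BIND_SERVICE."""
    parent = ProcessCaps(permitted=ALL_CAPS,
                         inheritable=CAP_NET_BIND_SERVICE,
                         bounding=ALL_CAPS)
    plain_binary = FileCaps(permitted=0, inheritable=0)
    child = execve_transition(parent, plain_binary)
    return has(child.permitted, CAP_NET_BIND_SERVICE)


if __name__ == "__main__":
    print("wrapper clears pI only -> child has CAP_SYS_ADMIN:",
          wrapper_drops_inheritable_only())            # True
    print("bounding set lacks CAP_SYS_ADMIN -> child has it:",
          bounding_set_drops())                        # False
    print("pI bit without matching fI -> child has CAP_NET_BIND_SERVICE:",
          inheritable_path_needs_file_bit())           # False
```

The first scenario is the "wrappers in inittab" approach from the quoted mail: the forced fP bit on the binary is ANDed with the bounding set, not with the caller's inheritable set, so a wrapper that only trims pI has no effect on it. The second scenario is why a catch-all bounding set gives confidence without auditing every binary on disk: no file bit can re-add a capability that pB has removed.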

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:19 EST