Re: Filesystem Capabilities in 2.6?

• Next message: Olaf Dietsche: "Re: Filesystem Capabilities in 2.6?"
• Previous message: Olaf Dietsche: "Re: Filesystem Capabilities in 2.6?"
• In reply to: Oliver Xymoron: "Re: Filesystem Capabilities in 2.6?"
• Next in thread: Linus Torvalds: "Re: Filesystem Capabilities in 2.6?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Oliver Xymoron <oxymoron@waste.org> writes:

> Generally, though there'd need to be an option to emulate, say, setgid
> mail.

Look at sucap and execcap available with libcap. Combine them and you
get a capability wrapper.

> On Sat, Nov 02, 2002 at 09:00:38PM -0700, Dax Kelson wrote:
>
>> Currently all capabilities are cleared when non-root app does a execp.
>> This would need to be addressed.
>
> Hrmm. I thought the inherit mask dealt with that.

You need the inherit set of the parent process _and_ the inherit set
of the binary to agree. For the latter you need some sort of fs
capabilities.

Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Olaf Dietsche: "Re: Filesystem Capabilities in 2.6?"
• Previous message: Olaf Dietsche: "Re: Filesystem Capabilities in 2.6?"
• In reply to: Oliver Xymoron: "Re: Filesystem Capabilities in 2.6?"
• Next in thread: Linus Torvalds: "Re: Filesystem Capabilities in 2.6?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Nov 07 2002 - 22:00:29 EST