Re: Filesystem Capabilities in 2.6?

From: Bernd Eckenfels (ecki-news2002-09@lina.inka.de)
Date: Sun Nov 03 2002 - 10:20:08 EST

Next message: James Mayer: "Re: Regression in 2.4.20 radeonfb.c"
Previous message: Bernd Eckenfels: "Re: Filesystem Capabilities in 2.6?"
In reply to: Alan Cox: "Re: Filesystem Capabilities in 2.6?"
Next in thread: Ragnar Kjørstad: "Re: Filesystem Capabilities in 2.6?"
Reply: Ragnar Kjørstad: "Re: Filesystem Capabilities in 2.6?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In article <1036328263.29642.23.camel@irongate.swansea.linux.org.uk> you wrote:
> Namespaces is a way to inherit revocation of rights on a large scale (or
> a small one true). #! is a way to handle program specific revocation of
> rights which _is_ filesystem persistent.

#! would be a nice option to increase capabilities on invocation. But the
final target must be linked to the invocation by an entity/revision binding.
Since we do not have modification versions i could think about checksums:

#!#/bin/setcap
10de6c9a339800777c2a8c43a7def924 /bin/ls
+NET_ADMINe

This even will add another integrity checking layer tp the system.

Greetings
Bernd
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Mayer: "Re: Regression in 2.4.20 radeonfb.c"
Previous message: Bernd Eckenfels: "Re: Filesystem Capabilities in 2.6?"
In reply to: Alan Cox: "Re: Filesystem Capabilities in 2.6?"
Next in thread: Ragnar Kjørstad: "Re: Filesystem Capabilities in 2.6?"
Reply: Ragnar Kjørstad: "Re: Filesystem Capabilities in 2.6?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Nov 07 2002 - 22:00:29 EST