Re: [RFC][PATCH] Add LSM sysctl hook to 2.5.59

From: Christoph Hellwig (hch@infradead.org)
Date: Sun Jan 19 2003 - 19:43:20 EST


On Mon, Jan 20, 2003 at 01:39:39AM +0100, Russell Coker wrote:
> > What's the reason you can't just live with DAC for sysctls?
>
> What exactly do you mean by "live with DAC" in this context? If you mean
> "allow UID==0 processes to do whatever they like" then it's not going to work
> for any sort of chroot setup.

This means check the unix file permissions / ACLs only overridden by
CAP_FOWNER processes.



