Re: [PATCH] 2.6.0-test6: Filesystem capabilities 0.15
From: Andy Lutomirski
Date: Sat Oct 04 2003 - 02:22:25 EST
Olaf Dietsche wrote:
This *untested* patch implements filesystem capabilities. It allows
to run privileged executables without the need for suid root.
Changes: - updated to 2.6.0-test6 - added lscap to show fs caps for a
This patch is available at:
I have an alternate patch, implementing file capabilities using xattrs.
It also implements the
exec changes I proposed a few days back, but this time around it's a
config option. Note that
this patch is very non-intrusive. The user API is through setxattr and
friends, and the changes
to any filesystem to support this patch are minimal (add the
system.capabilities xattr and
validate its contents on setxattr).
The patch and user tools are at http://www.stanford.edu/~luto/linux-fscap/
(Apply the cap- patches in order. Patches are against 2.6.0-test6 vanilla.)
Olaf -- what do you think? (I like your CAP_SETFCAP addition -- I may
add it to my patch.
Currently anyone can chcap their own files, as long as they hold the
capabilities they want
# cp `which ping` myping
# chmod 755 myping
# chcap cap_net_raw+p myping
$ ./myping localhost
-- Andy Lutomirski
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/