Re: why are capabilities disabled?

From: Sven Köhler
Date: Fri Feb 13 2004 - 13:02:06 EST

Next message: Nicolas Mailhot: "Re: JFS default behavior (was: UTF-8 in file systems?xfs/extfs/etc.)"
Previous message: Nicolas Mailhot: "Re: JFS default behavior (was: UTF-8 in file systems?xfs/extfs/etc.)"
In reply to: Valdis . Kletnieks: "Re: why are capabilities disabled?"
Next in thread: Valdis . Kletnieks: "Re: why are capabilities disabled?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"getpcaps 1" shows, that the init-process is started without cap_setpcap, and i know that i can change that somehow.
So why are capabilities disabled? and how do i enable them?

i found the hint again: i have to change the value CAP_INIT_EFF_SET in capability.h, so that init-process is not started with disabled cap_setpcap, but is this still a security risk?

There was a long thread back in October 2003 labeled:
Subject: Re: posix capabilities inheritance
http://marc.theaimsgroup.com/?l=linux-kernel&m=106673587410831&w=2

everybody's talking about filesystem-capabilities etc.
i still dream of starting a process with a certain capability.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nicolas Mailhot: "Re: JFS default behavior (was: UTF-8 in file systems?xfs/extfs/etc.)"
Previous message: Nicolas Mailhot: "Re: JFS default behavior (was: UTF-8 in file systems?xfs/extfs/etc.)"
In reply to: Valdis . Kletnieks: "Re: why are capabilities disabled?"
Next in thread: Valdis . Kletnieks: "Re: why are capabilities disabled?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]