Re: disable-cap-mlock

From: Andrea Arcangeli
Date: Thu Apr 01 2004 - 21:12:25 EST

Next message: Norberto Bensa: "Re: 2.6.5-rc3-mm4"
Previous message: Andrew Morton: "Re: [RFC][PATCH 1/3] radix priority search tree - objrmapcomplexity fix"
In reply to: Chris Wright: "Re: disable-cap-mlock"
Next in thread: Andrew Morton: "Re: disable-cap-mlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Apr 01, 2004 at 05:59:14PM -0800, Chris Wright wrote:
> * Andrew Morton (akpm@xxxxxxxx) wrote:
> > Rumour has it that the more exhasperated among us are brewing up a patch to
> > login.c which will allow capabilities to be retained after the setuid. So
> > you do
> >
> > echo "oracle CAP_IPC_LOCK" > /etc/logincap.conf
> >
> > And that's it.
> >
> > See any reason why this won't work?
>
> Looks ok, and sounds very similar to what pam_cap does.

just curious, how does this work through 'su'? Does su check
logincap.conf too?

I certainly agree this can be fully solved in userspace, though it won't
be a few linear change in userspace and for the short term matter
there's not much time left to change userspace. For the long term if we
want to go with the userspace solution that's fine with me, I definitely
agree with that. For the very short term I'm not sure, but then I
certainly cannot object if nothing is changed in the mainline kernel for
this.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Norberto Bensa: "Re: 2.6.5-rc3-mm4"
Previous message: Andrew Morton: "Re: [RFC][PATCH 1/3] radix priority search tree - objrmapcomplexity fix"
In reply to: Chris Wright: "Re: disable-cap-mlock"
Next in thread: Andrew Morton: "Re: disable-cap-mlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]