Re: [RFC] [PATCH] file posix capabilities

From: Serge E. Hallyn
Date: Mon Aug 14 2006 - 22:04:45 EST

Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
> "Serge E. Hallyn" <serue@xxxxxxxxxx> writes:
> > Quoting Serge E. Hallyn (serue@xxxxxxxxxx):
> >> This patch implements file (posix) capabilities. This allows
> >> a binary to gain a subset of root's capabilities without having
> >> the file actually be setuid root.
> >>
> >> There are some other implementations out there taking various
> >> approaches. This patch keeps all the changes within the
> >> capability LSM, and stores the file capabilities in xattrs
> >> named "security.capability". First question is, do we want
> >> this in the kernel? Second is, is this sort of implementation
> >> we'd want?
> >>
> >> Some userspace tools to manipulate the fscaps are at
> >> For instance,
> >>
> >> setcap writeroot "cap_dac_read_search,cap_dac_override+eip"
> >>
> >> allows the 'writeroot' testcase to write to /root/ab when
> >> run as a normal user.
> >>
> >> This patch doesn't address the need to update
> >> cap_bprm_secureexec().
> Looking at your ondisk format it doesn't look like you include a
> version. There is no reason to believe the current set of kernel
> capabilities is fixed for all time.

In fact my version knowingly ignores CAP_AUDIT_WRITE and
CAP_AUDIT_CONTROL (because on my little test .iso they didn't exist).
So a version number may make sense.

> So we need some for of
> forward/backward compatibility. Maybe in the cap name?

You mean as in use 'security.capability_v32" for the xattr name?
Or do you really mean add a cap name to the structure?

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at