Re: [RFC] [PATCH] file posix capabilities

[Albert Cahalan]

Casey Schaufler writes:
> --- "Serge E. Hallyn" <serue@xxxxxxxxxx> wrote:

> > +    bprm->cap_effective = fscaps[0];
> > +    bprm->cap_inheritable = fscaps[1];
> > +    bprm->cap_permitted = fscaps[2];
>
> It does not appear that you're attempting
> to maintain the POSIX exec semantics for
> capability sets. (If you're doing it
> elsewhere in the code, nevermind) I don't
> know if this is intentional or not.

Stop right there. No such POSIX semantics exist.
There is no POSIX standard for this. Out in the
wild there are numerous dangerously incompatible
ideas about this concept:

a. SGI IRIX, and one draft of a failed POSIX proposal
b. Linux (half done), and a very different draft
c. DG-UX, which actually had a workable system
d. Solaris, which is workable and getting used

My rant from 4 years ago mostly applies today.
http://lkml.org/lkml/2003/10/22/135

(yes, we have a lame SGI-style set of bits with
a set of equations that is not compatible)

Something has changed though: people are actually
using this type of thing on Solaris. Probably the
sanest thing to do is to copy Solaris: equations,
tools, set of bits, #define names, API, etc. Just
let Sun be the standard, and semi-portable apps
will be able to use the feature. Cross-platform
admins will be very grateful for the consistency.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/