Re: [RFC] [PATCH] file posix capabilities
From: Casey Schaufler
Date: Tue Aug 15 2006 - 23:41:48 EST
--- Albert Cahalan <acahalan@xxxxxxxxx> wrote:
> Casey Schaufler writes:
> > --- "Serge E. Hallyn" <serue@xxxxxxxxxx> wrote:
> >> + bprm->cap_effective = fscaps;
> >> + bprm->cap_inheritable = fscaps;
> >> + bprm->cap_permitted = fscaps;
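Review bot: all three assignments store the same value, fscaps, into cap_effective, cap_inheritable and cap_permitted, so a file cannot mark a capability as permitted without also making it effective and inheritable, and whatever bprm->cap_inheritable held before these lines is overwritten rather than combined with the file's value. If that is the intended model, a comment at these lines should say so; otherwise consider carrying a separate value per set, or leaving cap_inheritable untouched here.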
> > It does not appear that you're attempting
> > to maintain the POSIX exec semantics for
> > capability sets. (If you're doing it
> > elsewhere in the code, never mind) I don't
> > know if this is intentional or not.
> Stop right there. No such POSIX semantics exist.
> There is no POSIX standard for this.
Strictly speaking you are of course correct.
Please accept my apologies and pass them along
to the IEEE.
> Out in the
> wild there are numerous dangerously incompatible
> ideas about this concept:
> a. SGI IRIX, and one draft of a failed POSIX
There were 17 drafts. I believe the one you
refer to is the last, which was withdrawn
due to lack of participation.
> b. Linux (half done), and a very different draft
A very similar draft. The differences are not
so significant as to matter much.
> c. DG-UX, which actually had a workable system
> d. Solaris, which is workable and getting used
> Something has changed though: people are actually
> using this type of thing on Solaris. Probably the
> sanest thing to do is to copy Solaris: equations,
> tools, set of bits, #define names, API, etc. Just
> let Sun be the standard, and semi-portable apps
> will be able to use the feature. Cross-platform
> admins will be very grateful for the consistency.
There are worse notions floating about.
I personally prefer the scheme used in
Irix (big surprise there) but I certainly
wouldn't obstruct a concerted effort to
go the Solaris route.