Re: [PATCH] capabilities: introduce per-process capability boundingset (v10)

From: KaiGai Kohei
Date: Sat Dec 01 2007 - 20:31:42 EST

Next message: Eric W. Biederman: "[PATCH] fix x86-32 early fixmap initialization."
Previous message: Eric W. Biederman: "Re: namespace support requires network modules to say "GPL""
In reply to: KaiGai Kohei: "Re: [PATCH] capabilities: introduce per-process capability boundingset (v10)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Serge,

Is there any reason not to have a separate /etc/login.capbounds
config file, though, so the account can still have a full name?
Did you only use that for convenience of proof of concept, or
is there another reason?

passwd(5) says the fifth field is optional and only used for
informational purpose (like ulimit, umask).

However, using any other separate config file is conservative
and better. One candidate is "/etc/security/capability.conf"
defined as the config file of pam_cap.

Thanks,
--
KaiGai Kohei <kaigai@xxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Eric W. Biederman: "[PATCH] fix x86-32 early fixmap initialization."
Previous message: Eric W. Biederman: "Re: namespace support requires network modules to say "GPL""
In reply to: KaiGai Kohei: "Re: [PATCH] capabilities: introduce per-process capability boundingset (v10)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]