Re: [PATCH] capabilities: Ambient capability set V1

From: Christoph Lameter
Date: Mon Feb 23 2015 - 10:54:24 EST


On Mon, 23 Feb 2015, Andy Lutomirski wrote:

> At the very least, I think it needs to define and implement what
> happens when a cap is added to ambient and then dropped from
> permitted. We also may need LSM_UNSAFE_something to clear the ambient
> set to avoid a major security issue.

The ambient cap needs to stay otherwise we will have issues again if
another binary/script is forked. IMHO the only way to switch off an
ambient capability should be another prctl action. The intent is after all
to have the cap available for all inherited processes.

Frankly, I'd rather have the ambient caps separate. We could do a stronger
separation by checking for permitted or ambient in capable().

> I'd like to discuss (in the hallway if nothing else) at LSF/MM with
> whatever other interested people will be there.

Ok. I will be at the MM meeting in Boston. 8th and 9th of March.
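To make the question in this thread concrete (what a child image ends up with when a capability sits in the ambient set, and what happens when it is later dropped from permitted), here is an added example that is not part of the thread or of the V1 patch. It is a pure C model of the capability transitions, with no syscalls, so it can be compiled and run anywhere. The transformation rules it encodes are the ones that eventually shipped in mainline (Linux 4.3 and later, as documented in capabilities(7)): ambient bits may only be raised while present in both permitted and inheritable, dropping a bit from permitted also removes it from ambient, and execve() of a privileged file (set-UID or with file capabilities) clears the ambient set. That mainline behaviour is an assumption for the purpose of the model; it is not what this V1 patch implements, and it differs from the "stays until a prctl removes it" semantics argued for above. The capability numbers, the `struct caps` layout and the scenario helpers are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit numbers as in <linux/capability.h>; hard-coded here so the model has no
 * kernel-header dependency. */
#define CAP_NET_BIND_SERVICE 10
#define CAP_MASK(c) ((uint64_t)1 << (c))

/* Per-thread capability sets (constructed model, not the kernel's struct). */
struct caps {
    uint64_t permitted, inheritable, effective, bounding, ambient;
};

/* File capability bits as written by setcap(8); 'privileged' also covers
 * set-UID/set-GID binaries, which likewise clear the ambient set on exec. */
struct file_caps {
    uint64_t permitted, inheritable;
    bool effective;   /* the file's "effective" flag */
    bool privileged;  /* set-UID/GID or any file capability present */
};

/* Model of PR_CAP_AMBIENT_RAISE (mainline rule, assumed here): the bit must
 * already be in permitted AND inheritable, otherwise the kernel returns EPERM. */
bool ambient_raise(struct caps *p, int cap)
{
    uint64_t m = CAP_MASK(cap);
    if (!(p->permitted & m) || !(p->inheritable & m))
        return false;
    p->ambient |= m;
    return true;
}

/* Model of capset() removing a bit from permitted: mainline also clears it
 * from effective and from ambient, so a dropped cap cannot leak to a child. */
void drop_permitted(struct caps *p, int cap)
{
    uint64_t m = CAP_MASK(cap);
    p->permitted &= ~m;
    p->effective &= ~m;
    p->ambient &= ~m;
}

/* The execve() transformation rules from capabilities(7) (mainline). */
struct caps transform_execve(const struct caps *p, const struct file_caps *f)
{
    struct caps n;
    n.ambient     = f->privileged ? 0 : p->ambient;
    n.permitted   = (p->inheritable & f->inheritable)
                  | (f->permitted & p->bounding)
                  | n.ambient;
    n.effective   = f->effective ? n.permitted : n.ambient;
    n.inheritable = p->inheritable;
    n.bounding    = p->bounding;
    return n;
}

/* Starting point for the scenarios: a thread holding CAP_NET_BIND_SERVICE in
 * permitted, inheritable and effective, full bounding set, empty ambient. */
static struct caps start_caps(void)
{
    struct caps p = {
        .permitted   = CAP_MASK(CAP_NET_BIND_SERVICE),
        .inheritable = CAP_MASK(CAP_NET_BIND_SERVICE),
        .effective   = CAP_MASK(CAP_NET_BIND_SERVICE),
        .bounding    = ~(uint64_t)0,
        .ambient     = 0,
    };
    return p;
}

/* Scenario 1: exec a plain binary/script interpreter with no file caps.
 * Without ambient the cap is lost (the "issues" the reply refers to);
 * with ambient it survives into the new image. */
uint64_t effective_after_exec(bool use_ambient)
{
    struct caps p = start_caps();
    if (use_ambient)
        ambient_raise(&p, CAP_NET_BIND_SERVICE);
    struct file_caps plain = { 0, 0, false, false };
    return transform_execve(&p, &plain).effective;
}

/* Scenario 2: raise into ambient, then drop from permitted before exec. */
uint64_t ambient_after_raise_and_drop(void)
{
    struct caps p = start_caps();
    ambient_raise(&p, CAP_NET_BIND_SERVICE);
    drop_permitted(&p, CAP_NET_BIND_SERVICE);
    return p.ambient;
}

/* Scenario 3: a set-UID (privileged) target discards the ambient set. */
uint64_t ambient_after_setuid_exec(void)
{
    struct caps p = start_caps();
    ambient_raise(&p, CAP_NET_BIND_SERVICE);
    struct file_caps setuid = { 0, 0, false, true };
    return transform_execve(&p, &setuid).ambient;
}

int main(void)
{
    printf("effective after exec, no ambient:   %#llx\n",
           (unsigned long long)effective_after_exec(false));
    printf("effective after exec, with ambient: %#llx\n",
           (unsigned long long)effective_after_exec(true));
    printf("ambient after raise+drop:           %#llx\n",
           (unsigned long long)ambient_after_raise_and_drop());
    printf("ambient after set-UID exec:         %#llx\n",
           (unsigned long long)ambient_after_setuid_exec());
    return 0;
}
```

The model is deliberately small: `transform_execve()` is the whole rule set, so a reader can change the starting sets or the file flags and see exactly which bits reach the child, and `drop_permitted()` makes explicit the answer mainline chose for the open question above.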
