Re: [PATCH] Capabilities, this time in elf section

Albert D. Cahalan (acahalan@cs.uml.edu)
Fri, 16 Apr 1999 02:06:22 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeremy Fitzhardinge: "Re: Solaris tmpfs vs. Linux RAMdisk"
Previous message: Richard Gooch: "Re: [PATCH] Capabilities, this time in elf section"
In reply to: Richard Gooch: "Re: [PATCH] Capabilities, this time in elf section"

Richard Gooch writes:
> Albert D. Cahalan writes:
>> David L. Parsley writes:
>>> Now, I have a suggestion that should apply equally to either solution; it
>>> could be possible to specify in a mount option masks for permitted and
>>> inheritable. This would limit the actual capabilites the mount would
>>> honor. This could be nice for either implementation.
>>
>> This is great. It can not be supported by Richard Gooch's system though.
>> I suppose one could scan the filesystem and then remount it.
>
> Sorry, I don't see why not.

You wanted to insert code into the executable that would check for
a capabilites section, instead of letting the kernel do the job.

The kernel knows what the mount options were. Userspace has little
clue what they were. You could add a system call for that or hope
that /etc/mtab has the data you need. Both options are crummy.

Your solution offers full support on old kernels, but that breaks
if you add a system call to check the mount options.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeremy Fitzhardinge: "Re: Solaris tmpfs vs. Linux RAMdisk"
Previous message: Richard Gooch: "Re: [PATCH] Capabilities, this time in elf section"
In reply to: Richard Gooch: "Re: [PATCH] Capabilities, this time in elf section"