Re: disable-cap-mlock
From: Marc-Christian Petersen
Date: Thu Apr 01 2004 - 15:24:18 EST
On Thursday 01 April 2004 21:26, William Lee Irwin III wrote:
Hi Bill,
> Okay, done.
> Misc fix thrown in: the policies beyond enabled/disabled were wrongly
> set up in minmax' args, so this throws the real max in the table.
Great. Works :) ... Probably the attached one on top.
ciao, Marc
--- old/security/Kconfig 2004-04-01 20:31:11.000000000 +0200
+++ new/security/Kconfig 2004-04-01 22:19:14.000000000 +0200
@@ -109,6 +109,19 @@ config SECURITY_CAPABILITY_SYSCTL
It's probably best to firewall the living daylights out
of anything using this also.
+ Anyway, the values are:
+
+ - 0 = checks enabled (the default)
+ - 1 = checks disabled
+ - 2 = root only
+ - 3 = no one, even root has no access to capabilities
+
+ All the sysctl entries are mutable until the "lockdown"
+ entry is set to a non-zero value. All capabilities are
+ enabled by default.
+
+ Say N unless you know what you are doing.
+
source security/selinux/Kconfig
endmenu
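Review bot: The added value list leaves the security-relevant meaning of "1 = checks disabled" implicit, and the later sentence "All capabilities are enabled by default" reads as if it contradicts "0 = checks enabled (the default)". Suggest stating for each value who passes the capability check (for 1, say plainly whether every process does), and rewording the default sentence so it names the checks, for example "All capability checks are enabled by default". The "lockdown" sentence should also say whether the entry can be cleared again once it is non-zero, since "mutable until" implies a one-way switch without saying so. Minor style point: drop the conversational "Anyway," from "Anyway, the values are:" so the help text reads as reference text.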