Re: [PATCH] Implement file posix capabilities

From: Bill O'Donnell
Date: Wed Jan 24 2007 - 11:29:23 EST

Next message: Randy Dunlap: "Re: [patch] fix emergency reboot: call reboot notifier list ifpossible"
Previous message: Mark Rustad: "Re: 2.6.18-stable release plans?"
Next in thread: Casey Schaufler: "Re: [PATCH] Implement file posix capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm in the process of testing the (backported) capabilities patch
and Kaigai's userspace tools on a SLES10 based x86-64 target (2.6.16).
Chris Friedhoff's examples (http://www.friedhoff.org/fscaps.html)
run cleanly. That said, can one expect, through the use of these
enhanced capabilities, to be able to add some finer grain
capabilities based on a specific userid? In Chris' ping example,
the suid is removed from /bin/ping to restrict it to root, and a
capability added to allow any user to execute it. Can that example
be extended to make it so only a _particular_ user can execute it?
I realize with SELinux, one could achieve the goal, but as a stopgap,
can capabilities be used to get there?
Thanks,
Bill

--
Bill O'Donnell
SGI
billodo@xxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Randy Dunlap: "Re: [patch] fix emergency reboot: call reboot notifier list ifpossible"
Previous message: Mark Rustad: "Re: 2.6.18-stable release plans?"
Next in thread: Casey Schaufler: "Re: [PATCH] Implement file posix capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]