Re: RFC: disablenetwork facility. (v4)

From: Valdis . Kletnieks
Date: Tue Dec 29 2009 - 16:48:49 EST

Next message: Rafael J. Wysocki: "Re: 2.6.33-rc2: Reported regressions 2.6.31 -> 2.6.32"
Previous message: Rafael J. Wysocki: "Re: [Bug #14943] nfs regression?"
In reply to: Serge E. Hallyn: "Re: RFC: disablenetwork facility. (v4)"
Next in thread: Serge E. Hallyn: "Re: RFC: disablenetwork facility. (v4)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 29 Dec 2009 15:27:22 CST, "Serge E. Hallyn" said:
> I think i disagree. A uid is just a uid (or should be). One day we may
> have a way for a factotum-style daemon to grant the ability to an unpriv
> task to setuid without CAP_SETUID. I think slingling uids and gids
> around that you already have access to should be fine.

Yes, but not doing the clear and obvious simple thing now for a "one day
we may have" consideration seems a poor engineering tradeoff.

Yes, slinging uids and gids around *would* be nice. But first we need a clear
plan for making /usr/bin/newgrp a shell builtin - once that happens, *then*
we can re-address this code. ;)

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Rafael J. Wysocki: "Re: 2.6.33-rc2: Reported regressions 2.6.31 -> 2.6.32"
Previous message: Rafael J. Wysocki: "Re: [Bug #14943] nfs regression?"
In reply to: Serge E. Hallyn: "Re: RFC: disablenetwork facility. (v4)"
Next in thread: Serge E. Hallyn: "Re: RFC: disablenetwork facility. (v4)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]