Re: [PATCH] capabilities: Ambient capability set V1

From: Andy Lutomirski
Date: Mon Feb 23 2015 - 10:45:23 EST

On Mon, Feb 23, 2015 at 6:58 AM, Christoph Lameter <cl@xxxxxxxxx> wrote:
> Ok 4.0-rc1 is out and this patch has been sitting here for a couple of
> weeks without comment after an intensive discussion about the RFCs.
> Since there were no objections: Is there any chance to get this into -next
> somehow?

At the very least, I think it needs to define and implement what
happens when a cap is added to ambient and then dropped from
permitted. We also may need LSM_UNSAFE_something to clear the ambient
set to avoid a major security issue.

I'd like to discuss (in the hallway if nothing else) at LSF/MM with
whatever other interested people will be there.


Andy Lutomirski
AMA Capital Management, LLC
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at