Re: [PATCH] capabilities: Ambient capability set V2

From: Serge E. Hallyn
Date: Fri Mar 06 2015 - 11:34:50 EST


On Fri, Mar 06, 2015 at 09:50:02AM -0600, Christoph Lameter wrote:
> On Thu, 5 Mar 2015, Serge E. Hallyn wrote:
>
> > > > So I'd say drop this change ^
> > >
> > > Then the ambient caps get ignored for executables that have capabilities
> > > set on the file?
> >
> > Yes. Those are assumed to already know what they're doing.
>
> Ok can we get this patch merged now if I do this change
> (effectively ambient caps for binaries that have no caps set) and deal with the
> other issues later? This would cover most of the use cases here at least.

Sorry, something about that patch-patch didn't make sense to me, but I
need to look more closely. My objection was that you were able to get the
pA capabilities into pP without them being in your pI. Your proposed
change didn't seem like it would fix that.

It also seems worth waiting until you talk to Andy in person next week.

-serge
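
The two points in this thread (ambient caps are dropped for executables that carry file capabilities, and nothing may sit in pA that is not also in pP and pI), as an added example that is not code from the patch or from anyone in the thread: a bitmask model in C of the ambient-set rules as documented in capabilities(7) for the set that was eventually merged, not of the V2 patch under review. The struct and function names are hypothetical, and the process and file values in main() are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#define CAP_NET_BIND_SERVICE (1ULL << 10)
#define CAP_NET_RAW          (1ULL << 13)

/* Hypothetical model types: process sets and file capability sets. */
struct proc { uint64_t pP, pI, pE, pA, bset; };
struct file { uint64_t fP, fI; int fE, setid; };

/* Models prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap): refused unless
 * cap is already in both pP and pI. Returns 0, or -1 standing in for EPERM. */
int ambient_raise(struct proc *p, uint64_t cap)
{
    if ((p->pP & p->pI & cap) != cap)
        return -1;
    p->pA |= cap;
    return 0;
}

/* Models the execve() transformation from capabilities(7). */
struct proc exec_transform(struct proc p, struct file f)
{
    struct proc n = p;
    /* Simplification: "has file capabilities" is any non-empty file set. */
    int privileged = f.fP || f.fI || f.fE || f.setid;
    n.pA = privileged ? 0 : p.pA;               /* file caps win over pA */
    n.pP = (p.pI & f.fI) | (f.fP & p.bset) | n.pA;
    n.pE = f.fE ? n.pP : n.pA;
    n.pI = p.pI;
    return n;
}

/* Invariant: pA is a subset of pP and of pI. */
int invariant_holds(const struct proc *p)
{
    return (p->pA & ~(p->pP & p->pI)) == 0;
}

int main(void)
{
    struct proc p = { CAP_NET_RAW, CAP_NET_RAW, 0, 0, ~0ULL };  /* constructed */
    struct file plain = { 0, 0, 0, 0 };
    struct file with_fcaps = { CAP_NET_BIND_SERVICE, 0, 1, 0 };
    ambient_raise(&p, CAP_NET_RAW);
    struct proc a = exec_transform(p, plain), b = exec_transform(p, with_fcaps);
    printf("plain: pP=%#llx pA=%#llx\n", (unsigned long long)a.pP, (unsigned long long)a.pA);
    printf("fcaps: pP=%#llx pA=%#llx\n", (unsigned long long)b.pP, (unsigned long long)b.pA);
    return 0;
}
```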