Re: Latest capabilities patch(getting close)

Andrew Morgan (morgan@transmeta.com)
Tue, 27 Apr 1999 18:45:09 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Melissa Davis: "Linux 2.2.6 IO-APIC <feature>"
Maybe in reply to: Y2K: "Latest capabilities patch(getting close)"

Y2K wrote:
>
> Supports "soiled" and "pure draft".
> Preliminary support for required caps in elf header.
> per task or global securebits settings.
> Elf note fixups.
> ld scripts that might useful, might not.
> I hope that this is close enough that some real testing might begin soon.
> Once elf cap adder is finished then you can play with caps RSN.

> /* We don't have VFS support for capabilities yet */
> - cap_clear(bprm->cap_inheritable);
> - cap_clear(bprm->cap_permitted);
> - cap_clear(bprm->cap_effective);
> + /* if we did we'd do something like this pseudo */
> + /* if (HAD_VFS_CAPS_AVAIL) {
> + * USE_VFS_CAPS
> + * else {
> + * USE_DEFAULTS_AS_BELOW
> + * }
> + */

Yep, here is an example implementation of that:

ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.3/

Cheers

Andrew

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Previous message: Melissa Davis: "Linux 2.2.6 IO-APIC <feature>"
Maybe in reply to: Y2K: "Latest capabilities patch(getting close)"