Re: [PATCH] 2.5.45: Filesystem capabilities

From: Pavel Machek (pavel@ucw.cz)
Date: Fri Nov 01 2002 - 18:27:58 EST


Hi!

> Hi Linus,
>
> This patch implements filesystem capabilities. It allows to run
> privileged executables without the need for suid root.

This is a gross hack:

> +static char __capname[] = ".capabilities";
> +
> +static int __is_capname(const char *name)
> +{
> + if (*name != __capname[0])
> + return 0;
> +
> + return !strcmp(name, __capname);
> +}
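
Review bot: `__is_capname()` matches on a literal filename in the ordinary directory namespace, and nothing in this hunk shows who may create, rename, or unlink a file called `.capabilities`. That access rule should be enforced next to this helper, or at least documented in a comment above it, since the name gates privilege. Smaller points in the same hunk: `__capname` is only read here, so `static const char __capname[]` is the safer declaration; and the first-byte test before `strcmp()` does not change the result, so `return !strcmp(name, __capname);` alone would do unless the shortcut is measured to matter.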

Yup. Magic filename. With ACLs going in 2.5 and with ext2 support for
arbitrary metadata, doing capabilities right might be feasible now.

                                                        Pavel

-- 
When do you have heart between your knees?