Re: [PATCH] Filesystem capabilities support
From: Nathan Scott
Date: Wed Jul 06 2005 - 01:45:41 EST
Hi Nicholas,
On Sat, Jul 02, 2005 at 10:41:08PM +0100, Nicholas Hans Simmonds wrote:
> This is a simple attempt at providing capability support through extended
> attributes.
> ...
> +#define XATTR_CAP_SET XATTR_SECURITY_PREFIX "cap_set"
> ...
> + ret = bprm_getxattr(bprm_dentry,XATTR_CAP_SET,&caps,sizeof(caps));
> + if(ret == sizeof(caps)) {
> + if(caps.version == _LINUX_CAPABILITY_VERSION) {
> + cap_t(bprm->cap_effective) &= caps.mask_effective;
> ...
Since this is being stored on-disk, you may want to consider
endianness issues. I guess for binaries this isn't really a
problem (since they're unlikely to be run on other platforms),
though perhaps it is for shell scripts and the like. Storing
values in native endianness poses problems for backup/restore
programs, NFS, etc.
IIRC, the other LSM security attribute values are stored as
ASCII strings on-disk to avoid this sort of issue.
cheers.
--
Nathan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/