Re: CAP_SYS_ADMIN on restart(2)
From: Serge E. Hallyn
Date: Thu Apr 16 2009 - 12:29:37 EST
Quoting Alexey Dobriyan (adobriyan@xxxxxxxxx):
> > What Alexey wants, I believe, is for users to be able to not have
> > to worry about there being exploitable bugs in restart(2) which
> > unprivileged users can play with. And for the usual distro-kernel
> > reasons, saying use 'CONFIG_CHECKPOINT=n' is not an option.
>
> This is correct, yes. If I would be a sysadmin who knows a bit about
> kernel internals, I'd never trust restart(2) to get it right.
Now I suppose what we could do is define a new CAP_SYS_RESTART
capability and require that. Then the admin to whom I'm trying
to cater could simply 'capset cap_sys_restart=pe /bin/restart'.
Then all users could use restart without being granted the
extra privilege implied by CAP_SYS_ADMIN.
-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/