Re: [PATCH 3/4] capability: Create a new capability CAP_SIGNED

From: James Morris
Date: Wed Mar 20 2013 - 01:08:10 EST

Next message: Viresh Kumar: "Re: [PATCH V3 4/4] cpufreq: Add Kconfig option to enable/disable have_multiple_policies"
Previous message: Stephen Rothwell: "linux-next: Tree for Mar 20"
In reply to: Serge E. Hallyn: "Re: [PATCH 3/4] capability: Create a new capability CAP_SIGNED"
Next in thread: Vivek Goyal: "Re: [PATCH 3/4] capability: Create a new capability CAP_SIGNED"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 15 Mar 2013, Casey Schaufler wrote:

> Capabilities aren't just random attribute bits. They
> indicate that a task has permission to violate a
> system policy (e.g. change the mode bits of a file
> the user doesn't own).

Casey's right here, as well he should be.

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Viresh Kumar: "Re: [PATCH V3 4/4] cpufreq: Add Kconfig option to enable/disable have_multiple_policies"
Previous message: Stephen Rothwell: "linux-next: Tree for Mar 20"
In reply to: Serge E. Hallyn: "Re: [PATCH 3/4] capability: Create a new capability CAP_SIGNED"
Next in thread: Vivek Goyal: "Re: [PATCH 3/4] capability: Create a new capability CAP_SIGNED"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]