Re: [capabilities] Allow normal inheritance for a configurable set of capabilities

From: Christoph Lameter
Date: Wed Feb 04 2015 - 11:43:23 EST


On Wed, 4 Feb 2015, Andrew G. Morgan wrote:

> I was thinking more like this:
>
> int override = secure(SECURE_AMBIENT_PRIVS) &&
> cap_isclear(caps->inheritable.cap);

Uhh.. Then processes that require other capabilities would not pass
them through anymore to other stuff that they invoke.

Also the new caps need to be set somewhere.