Re: [patch 2.1.97] more capabilities support

Albert D. Cahalan (acahalan@cs.uml.edu)
Sun, 19 Apr 1998 12:58:29 -0400 (EDT)


I think you forgot one type of capability. DG-UX has four of them.
http://www.dg.com/products/html/dso_information_security.html
http://www.dg.com/products/html/dg_ux_b2_security_option.html

---------- begin quote -----------

Subject Capability Sets

All Capability Sets on subjects are used to establish operational
privileges for users, roles, and their applications. Every subject
in DSO software has four capability sets placed on them:

* an Effective Set that governs what the person and applications
acting for them are allowed to do

* a Permitted Set which limits the capabilities that may be
in the Effective Set

* an Inheritable Set that controls which capabilities can be passed on

* a Bounding Set that serves as a fail-safe mechanism to ensure users
cannot acquire more privilege beyond what they have been authorized

Object Capability Sets

Object Capability Sets replace UNIX setuid actions, to eliminate
exposure associated with setuid privileges of standard UNIX.
In addition, Capability Sets on objects are used to establish
operational privileges users and applications must possess to
execute an operation. Any object can have four capability sets
established for it; this is optional, and the sets are:

* an Effective Set determines what capabilities will be asserted
when the application is first run

* a Permitted Set provides enhanced privileges when it is first run,
such as when a user changes their password

* an Inheritable Set acts as a filter to ensure unintended combinations
of privilege cannot occur when the application is first run

* a Bounding Set serves as a fail-safe mechanism to limit the
resulting privilege of an application when it is first run

----------- end quote ------------

We seem to be missing the bounding set.

It would seem that totally conflicting capability sets would prevent
an executable from being run, since it would be dangerous to have a
privileged executable run with only half of what it needs.

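A worked model of the exec-time rule the four sets imply, added here as an example; it is not code from the e-mail, the patch, or the DG-UX document. The combining formula follows the rule Linux later adopted (capabilities(7), ambient set omitted), and the CAP_A/CAP_B/CAP_C bit names are constructed placeholders.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed capability bit positions for this example only. */
#define CAP_A (1u << 0)
#define CAP_B (1u << 1)
#define CAP_C (1u << 2)

typedef uint32_t capset_t;

/* Subject (process) sets: the four sets the DG-UX text describes. */
struct subject { capset_t effective, permitted, inheritable, bounding; };
/* Object (file) sets; effective_bit plays the role of the file's Effective Set. */
struct object  { capset_t permitted, inheritable; int effective_bit; };

/* Sets a process would hold after exec, modelled on the later Linux rule:
 *   P'(permitted)   = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding))
 *   P'(effective)   = F(effective) ? P'(permitted) : 0
 *   P'(inheritable) = P(inheritable);  P'(bounding) = P(bounding)
 * The bounding set is the fail-safe: bits outside it are never granted.
 * Returns 0 on success, -EPERM when a file that asserts its privileges at
 * start-up would receive only part of what it asked for; a "half privileged"
 * run is refused rather than started, as the e-mail argues it should be. */
int capset_exec(const struct subject *p, const struct object *f, struct subject *out)
{
    capset_t granted = (p->inheritable & f->inheritable) | (f->permitted & p->bounding);
    if (f->effective_bit && (granted & f->permitted) != f->permitted)
        return -EPERM;
    out->permitted   = granted;
    out->effective   = f->effective_bit ? granted : 0;
    out->inheritable = p->inheritable;
    out->bounding    = p->bounding;
    return 0;
}

int main(void)
{
    struct subject p = { 0, 0, 0, CAP_A | CAP_B }, r;  /* bounding set lacks CAP_C */
    struct object ok  = { CAP_A, 0, 1 };                /* fully within the bound */
    struct object bad = { CAP_A | CAP_C, 0, 1 };        /* asks for a bit the bound denies */
    printf("ok:  rc=%d permitted=%#x\n", capset_exec(&p, &ok, &r), r.permitted);
    printf("bad: rc=%d (refused, -EPERM)\n", capset_exec(&p, &bad, &r));
    return 0;
}
```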