Re: [patch 2.1.97] more capabilities support

Alan Cox (alan@lxorguk.ukuu.org.uk)
Mon, 20 Apr 1998 23:02:18 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Lance Dillon: "dhcpcd"
Previous message: Robert Edmonds: "success"

> 1) Don't store executables on the system with forced bits (this
> requirement is automatically fulfilled in the current implementation
> since we don't have file system support).

That would come out as fixing the nosuid flag to no-[capability list]

> allowed set to give processes capabilities. On that system, the
> inheritable bitmask will work exactly like the bounding set.

Except for revocation of existing rights. Which is sort of bad practice
as the revoked rights may leave an object with items gained before
revocation.. Ok yes I can live with that limit

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Lance Dillon: "dhcpcd"
Previous message: Robert Edmonds: "success"