Re: [patch 2.1.97] more capabilities support

Andrew Morgan (morgan@transmeta.com)
Mon, 20 Apr 1998 15:41:21 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrea Arcangeli: "Re: 2.1.97 mm and cache"
Previous message: Alan Cox: "Re: 2.0.34pre9 Com Port Hassles"
In reply to: Lance Dillon: "dhcpcd"

Alan Cox writes:
> > 1) Don't store executables on the system with forced bits (this
> > requirement is automatically fulfilled in the current implementation
> > since we don't have file system support).
>
> That would come out as fixing the nosuid flag to no-[capability list]

If we can agree to the following constraint, I will withdraw my
objection to CAP_SETPCAP:

(as Alan suggests here) we build in a "no-[capability list]" mount
option for mounting filesystems. That is to say, a sys-admin can
trust a filesystem to reliably manipulate only a subset of the
total capabilities known to the system.

[Perhaps this was implicit all along to Astor?]

Best wishes

Andrew

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Andrea Arcangeli: "Re: 2.1.97 mm and cache"
Previous message: Alan Cox: "Re: 2.0.34pre9 Com Port Hassles"
In reply to: Lance Dillon: "dhcpcd"