Re: Capabilities done right [diff against 2.3.1]

Jamie Lokier (lkd@tantalophile.demon.co.uk)
Wed, 19 May 1999 20:34:37 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gabor Lenart: "Re: S3 Frame Buffer"
Previous message: Ulrich Windl: "Re: i386/RTC: old problem, new solution?"

Pavel Machek wrote:
> > I may want to _strip_ shellscripts of power.
>
> Ok, that's legitimate. In such case , we'll have to modify shell to
> understand something like --drop, so that beggining of shell would
> look like
>
> #!/bin/bash --drop NET_BIND_SERVICE
>
> . Which again has nice property like surviving NFS/ftp transfers etc.

You don't need to modify the shell.
Simply:

#!/bin/setcap --drop NET_BIND_SERVICE /bin/bash

-- Jamie

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Gabor Lenart: "Re: S3 Frame Buffer"
Previous message: Ulrich Windl: "Re: i386/RTC: old problem, new solution?"