Hi

On Thu, Mar 13, 2003 at 10:22:19PM +1100, Frederic Schutz wrote:
> On Thu, 13 Mar 2003, Alexander Reelsen wrote:
> > Are you sure on this one?
> >
> > # sysctl -A | grep cap-bound
> > kernel.cap-bound = -257
> >
> > Being it a sysctl parameter makes me wonder whether you can set things
> > runtime (if you have the appropriate capability of course). lcap does
> > exactly that, writing in this procfile.
> "Capabilities" is the next section that I plan to write/rewrite :-) The
> interesting point about capabilities is that once one of them has been
> removed, it can not be added back -- so lcap can only remove capabilities,
> and not add them again. You can have a look at the current section 9.3.2.1
> of the manual, there is a very short blurb on the subject (with some
> references)

Ok. I wasn't sure anymore, whether it is completely impossible to add back
a capability. Do you have some reference about that? I have something in
mind about that but I can't remember exactly.

> Does it answer your questions or did I miss a real loophole in the
> strategy that I described ?

If you provide some reference, then for sure :)

MfG/Regards, Alexander

--
Alexander Reelsen http://tretmine.org [EMAIL PROTECTED]
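Decoding the value quoted in the message above, as an added example that is not part of the original mail: -257 is the 32-bit bounding mask printed as a signed int, and this C sketch reports which capability it lacks and models the remove-only behaviour described in the quoted text. The capability numbering follows <linux/capability.h> of 2.4-era kernels; `write_bound` is a hypothetical model that assumes a write is ANDed with the current mask, not kernel code.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability numbers 0..28 as in <linux/capability.h> of 2.4-era kernels. */
static const char *const cap_names[] = {
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE",
};
#define NCAPS ((int)(sizeof cap_names / sizeof cap_names[0]))

/* sysctl prints the 32-bit mask as a signed int; test one bit of it. */
static int cap_in_bound(int value, int cap) {
    return (int)(((uint32_t)value >> cap) & 1u);
}

/* Lowest-numbered known capability absent from the set, or -1 if none. */
static int first_missing(int value) {
    for (int cap = 0; cap < NCAPS; cap++)
        if (!cap_in_bound(value, cap)) return cap;
    return -1;
}

/* Hypothetical model (assumption): a write can only clear bits, so the
 * requested mask is ANDed with the current one. Not kernel code. */
static int write_bound(int current, int requested) {
    return current & requested;
}

int main(void) {
    int bound = -257;                       /* value quoted in the thread */
    for (int cap = 0; cap < NCAPS; cap++)
        if (!cap_in_bound(bound, cap))
            printf("not in bounding set: %s (bit %d)\n", cap_names[cap], cap);

    int dropped = write_bound(bound, ~(1 << 16)); /* remove CAP_SYS_MODULE */
    int restored = write_bound(dropped, -1);      /* ask for every bit back */
    printf("after drop: %d, after restore attempt: %d\n", dropped, restored);
    printf("first missing now: %s\n", cap_names[first_missing(restored)]);
    return 0;
}
```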