On Sat, Mar 07, 2015 at 09:09:05AM -0600, Christoph Lameter wrote:
> On Fri, 6 Mar 2015, Serge E. Hallyn wrote:
>
> > > I think that's right. fI doesn't set pI.
> >
> > Right. The idea is that for the running binary to get capability x in its
> > pP, its privileged ancestor must have set x in pI, and the binary itself
> > must be trusted with x in fI.
>
> The ancestor here is ambient_test and when it is run pI will not be set
> despite the cap setting.

ambient_test is supposed to set it.

> Therefore anything it spawns cannot have the inheritance bits set either.
> This plainly does not make any sense whatsoever. If this is so as it seems
> to be then we should be able to remove the inheritance bits because they
> have no effect.
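The pI/fI/pP rule discussed in this message, modelled as bitmask operations. This is an added example, not part of the original message or the kernel source; the execve() and capset() rules follow capabilities(7) without ambient capabilities. `CAP_X`, `child_permitted` and the assumption that the ancestor binary carries x in fP are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

struct task_caps { uint64_t pI, pP, pE; };          /* process sets */
struct file_caps { uint64_t fI, fP; int fE; };      /* file sets; fE is one flag */

#define CAP_X (1ULL << 13)   /* constructed choice: bit 13, CAP_NET_RAW */

/* execve() rules for a non-root task as documented in capabilities(7),
 * without the ambient set. */
static struct task_caps cap_execve(struct task_caps p, struct file_caps f, uint64_t bset)
{
    struct task_caps n;
    n.pI = p.pI;                            /* fI never changes pI */
    n.pP = (p.pI & f.fI) | (f.fP & bset);
    n.pE = f.fE ? n.pP : 0;
    return n;
}

/* capset() rule without CAP_SETPCAP: pI may only grow by caps already in pP. */
static int raise_inheritable(struct task_caps *p, uint64_t caps)
{
    if (caps & ~(p->pI | p->pP))
        return -1;
    p->pI |= caps;
    return 0;
}

/* shell -> ancestor (assumed fP=x, fE set) -> child; returns the child's pP. */
static uint64_t child_permitted(int ancestor_raises_pI, uint64_t child_fI)
{
    const uint64_t bset = ~0ULL;
    struct task_caps shell = {0, 0, 0};
    struct file_caps ancestor_file = {0, CAP_X, 1};
    struct file_caps child_file = {child_fI, 0, 1};

    struct task_caps anc = cap_execve(shell, ancestor_file, bset);
    if (ancestor_raises_pI && raise_inheritable(&anc, CAP_X) != 0)
        return 0;
    return cap_execve(anc, child_file, bset).pP;
}

int main(void)
{
    printf("fI only, pI not raised: %#llx\n", (unsigned long long)child_permitted(0, CAP_X));
    printf("pI raised, no fI:       %#llx\n", (unsigned long long)child_permitted(1, 0));
    printf("pI raised and fI set:   %#llx\n", (unsigned long long)child_permitted(1, CAP_X));
    return 0;
}
```

Only the third case leaves x in the child's pP: the ancestor has to raise pI itself after it starts, and the child binary has to carry x in fI.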