On Wed, 17 Oct 2007 21:59:20 -0500 "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
> Quoting Andrew Morton ([EMAIL PROTECTED]): > > On Tue, 16 Oct 2007 16:41:59 -0500 > > "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote: > > > > > To properly test this the libcap code will need to be updated first, > > > which I'm looking at now... > > > > This seems fairly significant. I asusme that this patch won't break > > presently-deployed libcap? > > It will break libcap. yikes, dropped! > And I'm not sure of the right way to address it. > So I was hoping to hear some ideas from Andrew Morgan, Chris Wright, and > Kaigai. > > We can introduce new capget64() and capset64() calls, and have > capget() return -EINVAL or -EAGAIN if a high bit would be needed to > accurately get the task's capabilities. > > Or we can require a new libcap, since capget and capset aren't > required for most day-to-day function anyway. > > I guess now that I've written this out, it seems pretty clear > that capget64() and capget64() are the way to go. Any objections? Sounds sane. New syscalls are cheap and it's clear separation. - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
