On Mon, Feb 08, 2010 at 22:24:30 +0100, Zbyniu Krzystolik wrote:

>> setcap cap_net_bind_service=ei =nc
>> execcap cap_net_bind_service=i su - gotar -c 'nc -l -p 34'
> 
> Like this? :)
> http://zz.iapt.pl/bez_root.txt

Yes, you already gave me this link and that's how I started on caps :)

>> but this obviously requires tagging binaries. The problem is tracking
>> all the xattrs (caps and ACLs).
> 
> Yep.

That's why I've asked about rpm - we could easily extend SUIDs with
fP(+fE?) so that the end user could make his choice using securebits.

http://lwn.net/Articles/280279/
http://lwn.net/Articles/368600/

In short: I'd like to disable the entire SUID/SGID mechanism on my systems
(SECURE_NO_SETUID_FIXUP+SECURE_KEEP_CAPS or entire SECURE_NOROOT maybe).

-- 
Tomasz Pala <go...@pld-linux.org>
_______________________________________________
pld-devel-en mailing list
pld-devel-en@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
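
Added example (not part of the original message and not PLD's code): a small C launcher that sets the securebits named in the mail together with their lock bits via prctl(2), then execs a command. The helper names secbits_locked and secbits_apply and the mode words noroot/nofixup are assumptions made for this illustration; the call only succeeds with CAP_SETPCAP.

```c
/* Added example: set securebits plus their lock bits, then exec a command. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <linux/securebits.h>

/* Each SECBIT_* flag has its *_LOCKED bit one position higher, so pairing
 * every requested flag with its lock is a single shift-and-or. */
unsigned long secbits_locked(unsigned long base)
{
    return base | (base << 1);
}

/* OR the mask into the current securebits. Returns 0 or -errno (-EPERM
 * without CAP_SETPCAP, or when the change would touch a locked bit). */
int secbits_apply(unsigned long mask)
{
    int cur = prctl(PR_GET_SECUREBITS, 0, 0, 0, 0);
    if (cur < 0)
        return -errno;
    if (prctl(PR_SET_SECUREBITS, (unsigned long)cur | mask, 0, 0, 0) < 0)
        return -errno;
    return 0;
}

/* usage: secbits-run noroot|nofixup command [args...]  (hypothetical name) */
int main(int argc, char **argv)
{
    unsigned long base;
    int rc;

    if (argc < 3) {
        fprintf(stderr, "usage: %s noroot|nofixup command [args...]\n", argv[0]);
        return 2;
    }
    if (strcmp(argv[1], "noroot") == 0)
        base = SECBIT_NOROOT;
    else  /* the other combination from the mail; execve() clears KEEP_CAPS */
        base = SECBIT_NO_SETUID_FIXUP | SECBIT_KEEP_CAPS;

    rc = secbits_apply(secbits_locked(base));
    if (rc < 0) {
        fprintf(stderr, "PR_SET_SECUREBITS: %s\n", strerror(-rc));
        return 1;
    }
    execvp(argv[2], &argv[2]);
    perror("execvp");
    return 127;
}
```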