Re: [PATCH RFC 1/2] capabilities: fix compilation with strict type checking (v2)
On Thu, 2007-10-25 at 17:41 -0700, Chris Wright wrote: > * Casey Schaufler ([EMAIL PROTECTED]) wrote: > > --- Chris Wright <[EMAIL PROTECTED]> wrote: > > > > > * Serge E. Hallyn ([EMAIL PROTECTED]) wrote: > > > > Here is a new version of the 64-bit capability patches I was supposed > > > > to send last week I think. > > > > > > > > This patch could stand alone without the 64-bit caps, but should > > > > definately not be applied anywhere until it has been better > > > > reviewed. It is the alternative to the patch removing the > > > > capability type checking code. > > > > > > How likely is > 64? > > > > If the Granularity Gremlins get loose the answer is 100%. > > DG/UX ended up with over 330. > > Yeah, I think a few systems ended up with > 64. I think the current Solaris and FreeBSD implementations support extensible privilege sets, and that Solaris already has > 64. > > > Fortunately the GGs have a playpen already in SELinux. > > I suggest that the capabilities maintainer be very stingy > > and refer anyone who's need isn't pretty obvious there. > > This means that the folks who want to divide CAP_SYSADMIN > > are going to be disappointed with what they get, but some > > level of restraint is important. > > Sure, I guess my point is, if we open up to 64, how quickly > will we hit 65. Perhaps a generic bitmask is better, and then > we need a stricter type mode anyway. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC 1/2] capabilities: fix compilation with strict type checking (v2)
Quoting Chris Wright ([EMAIL PROTECTED]): > * Casey Schaufler ([EMAIL PROTECTED]) wrote: > > --- Chris Wright <[EMAIL PROTECTED]> wrote: > > > > > * Serge E. Hallyn ([EMAIL PROTECTED]) wrote: > > > > Here is a new version of the 64-bit capability patches I was supposed > > > > to send last week I think. > > > > > > > > This patch could stand alone without the 64-bit caps, but should > > > > definately not be applied anywhere until it has been better > > > > reviewed. It is the alternative to the patch removing the > > > > capability type checking code. > > > > > > How likely is > 64? My instinct is to say "not very", but only a fool would admit that publicly. > > If the Granularity Gremlins get loose the answer is 100%. > > DG/UX ended up with over 330. > > Yeah, I think a few systems ended up with > 64. > > > Fortunately the GGs have a playpen already in SELinux. > > I suggest that the capabilities maintainer be very stingy > > and refer anyone who's need isn't pretty obvious there. > > This means that the folks who want to divide CAP_SYSADMIN > > are going to be disappointed with what they get, but some > > level of restraint is important. > > Sure, I guess my point is, if we open up to 64, how quickly > will we hit 65. Perhaps a generic bitmask is better, and then > we need a stricter type mode anyway. Hmm, using a generic bitmask may indeed be a good idea. Though the main complication with 64-bit is communication with userspace, the rest is simple. How would we generically communicate the generic bitmap caps to userspace? The way xattrs are, pass in a buffer, and a NULL buffer to query size? Or do we still version by number of longs in the bitmaps? thanks, -serge - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC 1/2] capabilities: fix compilation with strict type checking (v2)
* Casey Schaufler ([EMAIL PROTECTED]) wrote: > --- Chris Wright <[EMAIL PROTECTED]> wrote: > > > * Serge E. Hallyn ([EMAIL PROTECTED]) wrote: > > > Here is a new version of the 64-bit capability patches I was supposed > > > to send last week I think. > > > > > > This patch could stand alone without the 64-bit caps, but should > > > definately not be applied anywhere until it has been better > > > reviewed. It is the alternative to the patch removing the > > > capability type checking code. > > > > How likely is > 64? > > If the Granularity Gremlins get loose the answer is 100%. > DG/UX ended up with over 330. Yeah, I think a few systems ended up with > 64. > Fortunately the GGs have a playpen already in SELinux. > I suggest that the capabilities maintainer be very stingy > and refer anyone who's need isn't pretty obvious there. > This means that the folks who want to divide CAP_SYSADMIN > are going to be disappointed with what they get, but some > level of restraint is important. Sure, I guess my point is, if we open up to 64, how quickly will we hit 65. Perhaps a generic bitmask is better, and then we need a stricter type mode anyway. - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC 1/2] capabilities: fix compilation with strict type checking (v2)
--- Chris Wright <[EMAIL PROTECTED]> wrote: > * Serge E. Hallyn ([EMAIL PROTECTED]) wrote: > > Here is a new version of the 64-bit capability patches I was supposed > > to send last week I think. > > > > This patch could stand alone without the 64-bit caps, but should > > definately not be applied anywhere until it has been better > > reviewed. It is the alternative to the patch removing the > > capability type checking code. > > How likely is > 64? If the Granularity Gremlins get loose the answer is 100%. DG/UX ended up with over 330. Fortunately the GGs have a playpen already in SELinux. I suggest that the capabilities maintainer be very stingy and refer anyone who's need isn't pretty obvious there. This means that the folks who want to divide CAP_SYSADMIN are going to be disappointed with what they get, but some level of restraint is important. Casey Schaufler [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC 1/2] capabilities: fix compilation with strict type checking (v2)
* Serge E. Hallyn ([EMAIL PROTECTED]) wrote: > Here is a new version of the 64-bit capability patches I was supposed > to send last week I think. > > This patch could stand alone without the 64-bit caps, but should > definately not be applied anywhere until it has been better > reviewed. It is the alternative to the patch removing the > capability type checking code. How likely is > 64? - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html