Re: [PATCH RFC 1/2] capabilities: fix compilation with strict type checking (v2)
On Thu, 2007-10-25 at 17:41 -0700, Chris Wright wrote: * Casey Schaufler ([EMAIL PROTECTED]) wrote: --- Chris Wright [EMAIL PROTECTED] wrote: * Serge E. Hallyn ([EMAIL PROTECTED]) wrote: Here is a new version of the 64-bit capability patches I was supposed to send last week I think. This patch could stand alone without the 64-bit caps, but should definately not be applied anywhere until it has been better reviewed. It is the alternative to the patch removing the capability type checking code. How likely is 64? If the Granularity Gremlins get loose the answer is 100%. DG/UX ended up with over 330. Yeah, I think a few systems ended up with 64. I think the current Solaris and FreeBSD implementations support extensible privilege sets, and that Solaris already has 64. Fortunately the GGs have a playpen already in SELinux. I suggest that the capabilities maintainer be very stingy and refer anyone who's need isn't pretty obvious there. This means that the folks who want to divide CAP_SYSADMIN are going to be disappointed with what they get, but some level of restraint is important. Sure, I guess my point is, if we open up to 64, how quickly will we hit 65. Perhaps a generic bitmask is better, and then we need a stricter type mode anyway. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line unsubscribe linux-security-module in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC 1/2] capabilities: fix compilation with strict type checking (v2)
* Serge E. Hallyn ([EMAIL PROTECTED]) wrote: Here is a new version of the 64-bit capability patches I was supposed to send last week I think. This patch could stand alone without the 64-bit caps, but should definately not be applied anywhere until it has been better reviewed. It is the alternative to the patch removing the capability type checking code. How likely is 64? - To unsubscribe from this list: send the line unsubscribe linux-security-module in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC 1/2] capabilities: fix compilation with strict type checking (v2)
--- Chris Wright [EMAIL PROTECTED] wrote: * Serge E. Hallyn ([EMAIL PROTECTED]) wrote: Here is a new version of the 64-bit capability patches I was supposed to send last week I think. This patch could stand alone without the 64-bit caps, but should definately not be applied anywhere until it has been better reviewed. It is the alternative to the patch removing the capability type checking code. How likely is 64? If the Granularity Gremlins get loose the answer is 100%. DG/UX ended up with over 330. Fortunately the GGs have a playpen already in SELinux. I suggest that the capabilities maintainer be very stingy and refer anyone who's need isn't pretty obvious there. This means that the folks who want to divide CAP_SYSADMIN are going to be disappointed with what they get, but some level of restraint is important. Casey Schaufler [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-security-module in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC 1/2] capabilities: fix compilation with strict type checking (v2)
Quoting Chris Wright ([EMAIL PROTECTED]): * Casey Schaufler ([EMAIL PROTECTED]) wrote: --- Chris Wright [EMAIL PROTECTED] wrote: * Serge E. Hallyn ([EMAIL PROTECTED]) wrote: Here is a new version of the 64-bit capability patches I was supposed to send last week I think. This patch could stand alone without the 64-bit caps, but should definately not be applied anywhere until it has been better reviewed. It is the alternative to the patch removing the capability type checking code. How likely is 64? My instinct is to say not very, but only a fool would admit that publicly. If the Granularity Gremlins get loose the answer is 100%. DG/UX ended up with over 330. Yeah, I think a few systems ended up with 64. Fortunately the GGs have a playpen already in SELinux. I suggest that the capabilities maintainer be very stingy and refer anyone who's need isn't pretty obvious there. This means that the folks who want to divide CAP_SYSADMIN are going to be disappointed with what they get, but some level of restraint is important. Sure, I guess my point is, if we open up to 64, how quickly will we hit 65. Perhaps a generic bitmask is better, and then we need a stricter type mode anyway. Hmm, using a generic bitmask may indeed be a good idea. Though the main complication with 64-bit is communication with userspace, the rest is simple. How would we generically communicate the generic bitmap caps to userspace? The way xattrs are, pass in a buffer, and a NULL buffer to query size? Or do we still version by number of longs in the bitmaps? thanks, -serge - To unsubscribe from this list: send the line unsubscribe linux-security-module in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html