Quoting Tetsuo Handa ([EMAIL PROTECTED]):
> This document is intended to specify the security goal that TOMOYO Linux is
> trying to achieve, so that users can evaluate whether TOMOYO Linux will meet
> their needs, and kernel developers can evaluate whether TOMOYO Linux deserved
> to be in-tree.
>
Hello,
in updating the documetation http://www.friedhoff.org/posixfilecaps.html
I noticed a change in the behavior.
There was the behavior, when the extended attribute capability was
present but with empty sets, even a suid-0-bit binary was not having
the right to request a call for which capabil
Hello,
in updating the documentation
http://www.friedhoff.org/posixfilecaps.html I discovered that it is
possible to give directories through setcap also the extended attribute
capability and therefor grant them capabilities.
Is this is intended or maybe not ? If it's intended, what is the benefit
Quoting Chris Friedhoff ([EMAIL PROTECTED]):
> Hello,
>
> in updating the documentation
> http://www.friedhoff.org/posixfilecaps.html I discovered that it is
> possible to give directories through setcap also the extended attribute
> capability and therefor grant them capabilities.
> Is this is in
Quoting Chris Friedhoff ([EMAIL PROTECTED]):
> Hello,
>
> in updating the documetation http://www.friedhoff.org/posixfilecaps.html
> I noticed a change in the behavior.
>
> There was the behavior, when the extended attribute capability was
> present but with empty sets, even a suid-0-bit binary w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Serge E. Hallyn wrote:
> Quoting Chris Friedhoff ([EMAIL PROTECTED]):
>> Hello,
>>
>> in updating the documentation
>> http://www.friedhoff.org/posixfilecaps.html I discovered that it is
>> possible to give directories through setcap also the extende
Hi Andrew Morgan,
does this patch look reasonable to you?
thanks,
-serge
>From ed2e7764917fd56d9743630bd7072f67ff30adc2 Mon Sep 17 00:00:00 2001
From: [EMAIL PROTECTED] <[EMAIL PROTECTED](none)>
Date: Wed, 26 Dec 2007 15:04:50 -0800
Subject: [PATCH 1/1] capabilities: oom_kill: don't set PF_SUPER
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This looks fine. Thanks!
Acked-by: Andrew G. Morgan <[EMAIL PROTECTED]>
Serge E. Hallyn wrote:
> Hi Andrew Morgan,
>
> does this patch look reasonable to you?
>
> thanks,
> -serge
>
>>From ed2e7764917fd56d9743630bd7072f67ff30adc2 Mon Sep 17 00:00
This patch enables to export the code/name pairs of capabilities under
/capability of securityfs.
In the current libcap, it obtains the list of capabilities from header file
on the build environment statically. However, it is not enough portable
between different versions of kernels, because an al
