On Mon, Feb 18, 2008 at 04:12:53PM +0900, Kohei KaiGai wrote:
> Greg KH wrote:
> > On Fri, Feb 15, 2008 at 12:38:02PM -0600, Serge E. Hallyn wrote:
> >>>
> >>> This patch enables to export code/name of capabilities supported
> >>> on the running kernel.
> >>>
> >>> A newer kernel sometimes
Greg KH wrote:
> On Fri, Feb 15, 2008 at 12:38:02PM -0600, Serge E. Hallyn wrote:
>>>
>>> This patch enables to export code/name of capabilities supported
>>> on the running kernel.
>>>
>>> A newer kernel sometimes adds new capabilities, like CAP_MAC_ADMIN
>>> at 2.6.25. However, we have n
--- "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
>
>
> Two quick fixes for you right now (apart from the one you've already
> got :) would be
>
> 1. give wireshark cap_kill, by doing something like
>
> capset cap_kill=ep /bin/wireshark
>
> 2. compile a kernel w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Serge E. Hallyn wrote:
| Signed-off-by: Serge E. Hallyn <[EMAIL PROTECTED]>
| ---
| security/commoncap.c |2 +-
| 1 files changed, 1 insertions(+), 1 deletions(-)
|
| diff --git a/security/commoncap.c b/security/commoncap.c
| index 5aba826..bb0c0
Quoting Andrew G. Morgan ([EMAIL PROTECTED]):
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Serge E. Hallyn wrote:
> | Andrew, this pretty much was bound to happen... we need to figure out
> | what our approach here should be. My preference is still to allow
> | signals when p->uid==curre
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Serge E. Hallyn wrote:
| Andrew, this pretty much was bound to happen... we need to figure out
| what our approach here should be. My preference is still to allow
| signals when p->uid==current->uid so long as !SECURE_NOROOT. Then as
| people start
On Mon, Feb 18, 2008 at 09:03:51AM +0900, Tetsuo Handa wrote:
> Hello.
>
> > No printable comments, except for that:
> >
> > (e) why don't you guys move the Linus' Serious Mistake to _callers_ of
> > vfs_mknod() and its ilk?
> >
> > Which obviously solves all problems with having vfsmount.
>
>
Hello.
> No printable comments, except for that:
>
> (e) why don't you guys move the Linus' Serious Mistake to _callers_ of
> vfs_mknod() and its ilk?
>
> Which obviously solves all problems with having vfsmount.
Excuse me. I didn't understand what "the Linus' Serious Mistake to
_callers_ of vf
On Sun, Feb 17, 2008 at 06:00:30PM +0900, Tetsuo Handa wrote:
> Hello.
>
> This is "(c) Add new hooks." approach I proposed at
> http://www.mail-archive.com/[EMAIL PROTECTED]/msg11536.html .
>
> Although this is an incomplete patch,
> I want to know whether you can tolerate this approach or not.
Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
> Hello,
> I'm not sure it is you the right person to contact.
> I tried to run latest normal user wireshark with SUID dumpcap without success
> under linux-2.6.24.2. After looking around it seems to be related to the file
> in the kernel security/co
Hello.
This is "(c) Add new hooks." approach I proposed at
http://www.mail-archive.com/[EMAIL PROTECTED]/msg11536.html .
Although this is an incomplete patch,
I want to know whether you can tolerate this approach or not.
If you cannot tolerate this approach, may be we need to consider
implementi
11 matches
Mail list logo