On Wed, Nov 25, 2015 at 6:41 PM, James Morris wrote:
> Please pull this fix for the keys subsystem, for 4.4, from David Howells.
>
> Note: this oops is triggerable by non-privileged users.
>
> The following changes since commit 6ffeba9607343f15303a399bc402a538800d89d9:
>
> Merge tag 'dm-4.4-fixe
On Fri, 2015-11-27 at 14:52 +0100, Arnd Bergmann wrote:
> The newly added EVM_LOAD_X509 code can be configured even if
> CONFIG_EVM is disabled, but that causes a link error:
>
> security/built-in.o: In function `integrity_load_keys':
> digsig_asymmetric.c:(.init.text+0x400): undefined reference t
A common way for daemons to run with minimal privilege is to start as root,
perhaps setuid-root, choose a desired capability set, set PR_SET_KEEPCAPS,
then change uid to non-root. A simpler way to achieve this is to set file
capabilities on a not-setuid-root binary. However, when installing a pac
"Serge E. Hallyn" writes:
> A common way for daemons to run with minimal privilege is to start as root,
> perhaps setuid-root, choose a desired capability set, set PR_SET_KEEPCAPS,
> then change uid to non-root. A simpler way to achieve this is to set file
> capabilities on a not-setuid-root bin
On Mon, Nov 30, 2015 at 05:08:34PM -0600, Eric W. Biederman wrote:
> "Serge E. Hallyn" writes:
>
> > A common way for daemons to run with minimal privilege is to start as root,
> > perhaps setuid-root, choose a desired capability set, set PR_SET_KEEPCAPS,
> > then change uid to non-root. A simpl