Quoting Andrew Morgan ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Serge E. Hallyn wrote:
Meanwhile, any chance you would get some time to implement the cap_bset
vs fcaps change you wanted? I'd have to look at my checklist to be
sure, but I think that, a version
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Serge E. Hallyn wrote:
0. fix the implementation of cap_setpcap. It is supposed to mean 'this
process can raise capabilities, outside its permitted set, in _its own_
inheritable set'.
A few clarification questions:
Process p1 is calling
Quoting Andrew Morgan ([EMAIL PROTECTED]):
My current working preference is: 0, 3, 1, 2. I don't consider any of
them as urgent as getting the inode modification protection fixed.
Oops. Right.
I'm not sure I'll have a laptop with me tomorow, but I'll try to get a
patch out no later than
Quoting Andrew Morgan ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Serge E. Hallyn wrote:
Yes. I'd thought about adding a security_ops-inode_change() or
somesuch hook, but there were two reasons I didn't. First, this
should be done whether or not the capability
--- Andrew Morgan [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Serge E. Hallyn wrote:
Meanwhile, any chance you would get some time to implement the cap_bset
vs fcaps change you wanted? I'd have to look at my checklist to be
sure, but I think that, a version
On Sun, 2007-07-29 at 08:48 -0700, Casey Schaufler wrote:
--- Serge E. Hallyn [EMAIL PROTECTED] wrote:
Quoting Andrew Morgan ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Is this the sort of change that should be abstracted into the security
module API?
Quoting Andrew Morgan ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Is this the sort of change that should be abstracted into the security
module API?
To this point, everything about the fcap changes have been in headers
and within the security module code.
Yes.
--- Serge E. Hallyn [EMAIL PROTECTED] wrote:
Quoting Andrew Morgan ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Is this the sort of change that should be abstracted into the security
module API?
To this point, everything about the fcap changes have been in
On Fri, Jul 27, 2007 at 12:31:11PM -0500, Serge E. Hallyn wrote:
When you
setfcaps -c cap_net_admin=p -e /bin/ping
cp /bin/sh /bin/ping
then /bin/ping should lose its file capabilities. This patch probably
will need to be cleaned up, but seems to work as it should.
Example
Quoting Seth Arnold ([EMAIL PROTECTED]):
On Fri, Jul 27, 2007 at 12:31:11PM -0500, Serge E. Hallyn wrote:
When you
setfcaps -c cap_net_admin=p -e /bin/ping
cp /bin/sh /bin/ping
then /bin/ping should lose its file capabilities. This patch probably
will need to be cleaned
10 matches
Mail list logo