* Francesco P. Lovergine [Wed, 12 Nov 2003 at 14:48 +0100]
> It has implication for libcap* packages too, doesn't it?

From libcap2's README.Debian:

    This library should be used in conjunction with the kernel patches
    from
    <URL:http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4-fcap/>
    (or a kernel.org mirror near you).

    You need to apply both the appropriate "ea" and "fcaps" patch in
    this order. See the README in this directory for up-to-date
    details.

The fcaps patch appears to have the same change (and a whole lot more).
The README found at the above URL states:

    7. CAP_SETPCAP is no longer associated with the ability to set the
       capabilities of an arbitrary process. (Which was so awful a
       capability we're all pretty much relieved about this change.)

I am not sure what precisely you can do with CAP_SETPCAP after this
patch, but I imagine it just restricts which processes you can change
(not just arbitrary). The arbitrary part is probably why it is disabled
by default.

I will investigate whether jackstart could be modified to use libcap2
with these patches. It looks like these patches require patching
e2fsprogs too, though.

--
Hans Fugal | De gustibus non disputandum est.
http://hans.fugal.net/ | Debian, vim, mutt, ruby, text, gpg
http://gdmxml.fugal.net/ | WindowMaker, gaim, UTF-8, RISC, JS Bach
---------------------------------------------------------------------
GnuPG Fingerprint: 6940 87C5 6610 567F 1E95 CB5E FC98 E8CD E0AA D460