Re: POSIX capabilities patch

To: debian-devel@lists.debian.org
Subject: Re: POSIX capabilities patch
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Wed, 12 Nov 2003 23:01:41 +0100
Message-id: <[🔎] 20031112220141.GA29105@lina.inka.de>
In-reply-to: <20031112143505.GF1459@falcon.fugal.net>
References: <[🔎] 20031112021147.GZ1459@falcon.fugal.net> <[🔎] 20031112031138.GA32736@lina.inka.de> <20031112143505.GF1459@falcon.fugal.net>

On Wed, Nov 12, 2003 at 07:35:05AM -0700, Hans Fugal wrote:
> So yes, it is broken on purpose (because the real solution is not in
> place). No, it doesn't make capabilities useless, it just makes it
> impossible to use CAP_SETPCAP.

And if i enable SETPCAP for init, will init drop that capability? Will it
pass it to all started programs?

If init by default drops this capability, I dont see a reason for the
default kernel to remove that capability. Well at least a command line
option should allow it and not recompile.

I mean, if it is so complicated to change this, it cant be right to enable
it :)

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to:

Follow-Ups:
- Re: POSIX capabilities patch
  - From: Marco d'Itri <md@Linux.IT>

References:
- POSIX capabilities patch
  - From: Hans Fugal <hans@fugal.net>
- Re: POSIX capabilities patch
  - From: Bernd Eckenfels <lists@lina.inka.de>

Prev by Date: Re: Bug#220401: ITP: linux-experimental -- Linux 2.4 kernel [EXPERIMENTAL PACKAGE]
Next by Date: Bug#220468: RFA: sourceforge -- Integrated development project framework
Previous by thread: Re: POSIX capabilities patch
Next by thread: Re: POSIX capabilities patch
Index(es):
- Date
- Thread