[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: socket-based activation has unmaintainable security?

Quoting Andrey Rahmatullin (wrar@wrar.name):
> On Wed, Feb 06, 2013 at 12:30:28PM -0600, Serge Hallyn wrote:
> > > > Do we finally have mechanisms to start processes without root but with
> > > > elevated capabilities?
> > > We also need fallback for non Capability-capable supported kernels
> > > (wow that's an awkward sentence)
> > Not to mention non-xattr-backed filesystems.
> xattrs is only one of possible mechanisms but as we don't have it either,
> its shortcomings are probably not worth mentioning.

For posix capabilities attached to files xattrs are currently the
only means.  That's what I assumed this was referring to.


Reply to: