Re: socket-based activation has unmaintainable security?

On Wed, Feb 06, 2013 at 03:20:09PM -0600, Serge Hallyn wrote:
> > > > > Do we finally have mechanisms to start processes without root but with
> > > > > elevated capabilities?
> > > > We also need fallback for non Capability-capable supported kernels
> > > > (wow that's an awkward sentence)
> > > Not to mention non-xattr-backed filesystems.
> > xattrs is only one of the possible mechanisms, but as we don't have it either,
> > its shortcomings are probably not worth mentioning.
> For POSIX capabilities attached to files, xattrs are currently the
> only means.  That's what I assumed this was referring to.
I suppose there can be other theoretical means to do that with a
privileged helper (and /sbin/init is privileged, for example). 

