Re: CONFIG_SECURITY_FILE_CAPABILITIES vs. atd
On Fri, Mar 07, 2008 at 07:13:20PM +0100, maximilian attems wrote:
> On Fri, Mar 07, 2008 at 10:40:43AM -0700, dann frazier wrote:
> > This is wrt #463669. Enabling POSIX file capabilities breaks signaling
> > atd and therefore at job submittal, and there is no fix yet that has
> > been accepted upstream.
> > maks tells me this was a request from the SELinux folks - but I would
> > think we'd prefer to have a working at system and a broken SELinux
> > system than the other way around - at least until there's an accepted
> > fix for this issue upstream.
> the change was done 2 month ago and only known affected is at.
> please wait some more days for the upstream fix to cook,
> it is anyway not so that we would upload a new 2.6.24 tomorrow.
> afais there is already a fix cooked for stable queue so..
Yes, upstream has an initial fix and is supposedly working on
improving it (didn't see one in the stable queue or in Linus' tree yet
- but I didn't check today).
I've no problem with a wait-and-see until the next 2.6.24