Re: Audio Apps Mini-Policy, v0.1
On Tue, Oct 28, 2003 at 12:31:14PM -0500, Matt Zimmerman wrote:
[...]
> I'm actually starting to wonder whether we should have a general facility
> for these sorts of things. Having apps be setuid root and expecting them to
> behave responsibility is asking for trouble; it would make much more sense
> to grant them only the capability that they need. I don't know whether
> there is a filesystem extension to grant capabilities to binaries,
There is libcap2 which requires a kernel-patch.
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4-fcap/
> but we probably couldn't rely on it anyway.
ack.
Perhaps execcap(8) can be used as base for the "general facility"?
cu andreas
Reply to: