Re: [PATCH] 2.5.45: Filesystem capabilities

Olaf Dietsche (olaf.dietsche#list.linux-kernel@t-online.de)
Sat, 02 Nov 2002 14:43:18 +0100


Pavel Machek <pavel@ucw.cz> writes:

>> This patch implements filesystem capabilities. It allows to run
>> privileged executables without the need for suid root.
>
> This is gross hack:
>
>> +static char __capname[] = ".capabilities";
>> +
>> +static int __is_capname(const char *name)
>> +{
>> + if (*name != __capname[0])
>> + return 0;
>> +
>> + return !strcmp(name, __capname);
>> +}

Of course, this is a hack. A working hack, btw.

> Yup. Magic filename. With ACLs going in 2.5 and with ext2 support for
> arbitrary metadata, doing capabilities right might be feasible now.

I'm happy to take a look at a working solution.
How come, no one has implemented it yet? :-)

Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


TCH] 2.5.45: Filesystem capabilities"