Re: Filesystem Capabilities in 2.6?

Alan Cox (alan@lxorguk.ukuu.org.uk)
03 Nov 2002 17:10:24 +0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alexander Viro: "Re: Filesystem Capabilities in 2.6?"
Previous message: Zwane Mwaikambo: "[PATCH][2.5-AC] Start from bank 0 for P4 MCE init"
In reply to: Bernd Eckenfels: "Re: Filesystem Capabilities in 2.6?"
Next in thread: Pavel Machek: "Re: Filesystem Capabilities in 2.6?"

On Sun, 2002-11-03 at 16:30, Ragnar Kjørstad wrote:
> On Sun, Nov 03, 2002 at 04:20:08PM +0100, Bernd Eckenfels wrote:
> > In article <1036328263.29642.23.camel@irongate.swansea.linux.org.uk> you wrote:
> > > Namespaces is a way to inherit revocation of rights on a large scale (or
> > > a small one true). #! is a way to handle program specific revocation of
> > > rights which _is_ filesystem persistent.
> >
> > #! would be a nice option to increase capabilities on invocation. But the
> > final target must be linked to the invocation by an entity/revision binding.
> > Since we do not have modification versions i could think about checksums:
>
> Unfortenately it will be much harder to find all executables with
> increased capabilities on your system.

You need a way to mark applications which may be run with increased
capabilities and which ones are permitted yes, and by object not by name

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alexander Viro: "Re: Filesystem Capabilities in 2.6?"
Previous message: Zwane Mwaikambo: "[PATCH][2.5-AC] Start from bank 0 for P4 MCE init"
In reply to: Bernd Eckenfels: "Re: Filesystem Capabilities in 2.6?"
Next in thread: Pavel Machek: "Re: Filesystem Capabilities in 2.6?"