Re: Filesystem Capabilities in 2.6?

Pavel Machek (pavel@ucw.cz)
Sat, 9 Nov 2002 21:11:21 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Pavel Machek: "Re: Call to rewrite swsusp"
Previous message: Adam J. Richter: "Re: [parisc-linux] Untested port of parisc_device to generic device interface"
In reply to: Bernd Eckenfels: "Re: Filesystem Capabilities in 2.6?"

On Sun 03-11-02 16:20:08, Bernd Eckenfels wrote:
> In article <1036328263.29642.23.camel@irongate.swansea.linux.org.uk> you wrote:
> > Namespaces is a way to inherit revocation of rights on a large scale (or
> > a small one true). #! is a way to handle program specific revocation of
> > rights which _is_ filesystem persistent.
>
> #! would be a nice option to increase capabilities on invocation. But the
> final target must be linked to the invocation by an entity/revision binding.
> Since we do not have modification versions i could think about checksums:
>
> #!#/bin/setcap
> 10de6c9a339800777c2a8c43a7def924 /bin/ls
> +NET_ADMINe

I do not think having md5 sum of /bin/ls helps so much -- what if I
moify ld.so, instead?
Pavel

-- 
When do you have heart between your knees?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Pavel Machek: "Re: Call to rewrite swsusp"
Previous message: Adam J. Richter: "Re: [parisc-linux] Untested port of parisc_device to generic device interface"
In reply to: Bernd Eckenfels: "Re: Filesystem Capabilities in 2.6?"