Is this the sort of change that should be abstracted into the security module API?

To this point, everything about the fcap changes has been in headers and within the security module code.

[EMAIL PROTECTED] linux-2.6]$ git diff --stat master
 include/linux/binfmts.h    |    3 +-
 include/linux/capability.h |   48 +++++++---
 include/linux/security.h   |   12 ++-
 security/Kconfig           |   10 ++
 security/capability.c      |    4 +
 security/commoncap.c       |  209 ++++++++++++++++++++++++++++++++++++++++----
 security/selinux/hooks.c   |   12 +++
 7 files changed, 263 insertions(+), 35 deletions(-)
[EMAIL PROTECTED] linux-2.6]$

The security module doesn't appear to be in the loop for this sort of security-sensitive event. Is there a reason for not making it so?

Cheers

Andrew

Serge E. Hallyn wrote:
> When you
>
>     setfcaps -c cap_net_admin=p -e /bin/ping
>     cp /bin/sh /bin/ping
>
> then /bin/ping should lose its file capabilities. This patch probably
> will need to be cleaned up, but seems to work as it should.
>
> thanks,
> -serge
