-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Serge E. Hallyn wrote: > Quoting Chris Friedhoff ([EMAIL PROTECTED]): >> Hello, >> >> in updating the documentation >> http://www.friedhoff.org/posixfilecaps.html I discovered that it is >> possible to give directories through setcap also the extended attribute >> capability and therefor grant them capabilities. >> Is this is intended or maybe not ? If it's intended, what is the benefit >> of this? > > I'm assuming it's unintended - or rather it's harmless but has no use - > but will let Andrew respond since he may have some cool idea i haven't > thought of. This is not intended behavior. It should be fixed (aka such support removed). Capabilities should only be available on executable files - not directories, symlinks or anything else... Cheers Andrew > > -serge > - > To unsubscribe from this list: send the line "unsubscribe > linux-security-module" in > the body of a message to [EMAIL PROTECTED] > More majordomo info at http://vger.kernel.org/majordomo-info.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHcvHs+bHCR3gb8jsRAshoAKCaag8o0joy7ros8rBXeSUMxO8hJgCfVhLG yCZS4tjyrqX55ATxj8s6J2s= =pPF0 -----END PGP SIGNATURE----- - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
