On Tue, 05 August 2008 Ciaran McCreesh wrote:
> On Tue, 5 Aug 2008 10:51:09 +0200 Bruno Prémont wrote:
> > Has any progress happened since March for adding support for
> > FILE_CAPABILITIES?
>
> Well, Alon still hasn't backed up his claim that Portage supports
> capabilities... Fairly important to
On Tue, 5 Aug 2008 10:51:09 +0200
Bruno Prémont <[EMAIL PROTECTED]> wrote:
> Has any progress happened since March for adding support for
> FILE_CAPABILITIES?
Well, Alon still hasn't backed up his claim that Portage supports
capabilities... Fairly important to establish that before anything
else..
On Sun, 23 Mar 2008 Alon Bar-Lev wrote:
> Hello All,
>
> linux-2.6.24 supports file based capabilities via:
> CONFIG_SECURITY_FILE_CAPABILITIES
>
> This enables the use of filesystem attributes in order to store per
> executable capabilities list, more information at [1].
>
> This enables improv
On Sun, 23 Mar 2008 20:45:24 +0200
"Alon Bar-Lev" <[EMAIL PROTECTED]> wrote:
> File system attributes already supported for selinux. I also checked
> this with capabilities and it works with portage.
Looking at this some more... What makes you say that? So far as I can
see, whether or not they're
On 3/24/08, Mike Frysinger <[EMAIL PROTECTED]> wrote:
> how much do we want to help the user ? if they have USE=filecaps, then don't
> perform any checking ? we'll need a kernel with file capabilities turned on,
> otherwise the prog won't work unless it's setuid ... so do we perform checking
>
On Monday 24 March 2008, Alon Bar-Lev wrote:
> On 3/24/08, Mike Frysinger <[EMAIL PROTECTED]> wrote:
> > Diego and i were talking ... we're going to go with USE=filecaps because
> > it's so new and doesn't require the libcap library in order to work at
> > runtime. probably be worthwhile to put toge
On Mon, 24 Mar 2008 14:27:39 +0200
"Alon Bar-Lev" <[EMAIL PROTECTED]> wrote:
> On 3/24/08, Mike Frysinger <[EMAIL PROTECTED]> wrote:
> > Diego and i were talking ... we're going to go with USE=filecaps
> > because it's so new and doesn't require the libcap library in order
> > to work at runtime. pr
On 3/24/08, Mike Frysinger <[EMAIL PROTECTED]> wrote:
> Diego and i were talking ... we're going to go with USE=filecaps because it's
> so new and doesn't require the libcap library in order to work at runtime.
> probably be worthwhile to put together a little eclass of functions to make
> people
On Sunday 23 March 2008, Alon Bar-Lev wrote:
> linux-2.6.24 supports file based capabilities via:
> CONFIG_SECURITY_FILE_CAPABILITIES
>
> This enables the use of filesystem attributes in order to store per
> executable capabilities list, more information at [1].
>
> This enables improved security l
On Sun, 23 Mar 2008 20:45:24 +0200
"Alon Bar-Lev" <[EMAIL PROTECTED]> wrote:
> On 3/23/08, Ciaran McCreesh <[EMAIL PROTECTED]> wrote:
> > > Why? A simple USE flag should be enough, if set use caps, if not
> > > use current.
> >
> >
> > A user turns the use flag on, the ebuild creates files using
On 3/23/08, Ciaran McCreesh <[EMAIL PROTECTED]> wrote:
> > Why? A simple USE flag should be enough, if set use caps, if not use
> > current.
>
>
> A user turns the use flag on, the ebuild creates files using caps
> rather than set*id, the package manager merges it by copying the file
> and the
On Sun, 23 Mar 2008 20:30:33 +0200
"Alon Bar-Lev" <[EMAIL PROTECTED]> wrote:
> > Needs package manager support. Effectively this requires an EAPI
> > bump, since ebuilds need to know whether they can rely upon caps
> > being preserved across a merge or whether they have to degrade to a
> > setuid b
On 3/23/08, Ciaran McCreesh <[EMAIL PROTECTED]> wrote:
> On Sun, 23 Mar 2008 20:21:29 +0200
> "Alon Bar-Lev" <[EMAIL PROTECTED]> wrote:
> > linux-2.6.24 supports file based capabilities via:
> > CONFIG_SECURITY_FILE_CAPABILITIES
> >
>
> > This will provide more secured installation for users wi
On Sun, 23 Mar 2008 20:21:29 +0200
"Alon Bar-Lev" <[EMAIL PROTECTED]> wrote:
> linux-2.6.24 supports file based capabilities via:
> CONFIG_SECURITY_FILE_CAPABILITIES
>
> This will provide more secured installation for users with a little
> effort, less usage of root user.
>
> What do you think?