Re: security capabilities on filesystems

Peter Gordon wrote:

>>I've poke around for some information but all I got (was this lousy t-shirt)
>>that there is no support for capablities stored on a filesystem. However, I'd
>>like to ask if there are any chances to see this feature soon.
> 
> What do you mean exactly? Ext2 (and its journalled cousin, Ext3; I'm
> not certain of other filesystems) can both store POSIX-style Access
> Control Lists (ACLs) and SELinux labeling as part of the inode
> metadata.

Reiserfs, xfs and jfs too.

Yet they all can't store, or I don't know how to set it up, POSIX
capabilities for executables. Those like CAP_NET_RAW or CAP_SYS_RAWIO.
The former is useful for ping the latter (was?) for X11. I know that this
functionality can be achived with SELinux but it's to havy-weight for me.
I'd rather implement BSD seclevels and capabilities.

> Hope this helps.

I am afraid no :-(

Bye.
-- 
Było mi bardzo miło.                    Czwarta pospolita klęska, [...]
>Łukasz<                      Już nie katolicka lecz złodziejska.  (c)PP

Attachment: signature.asc
Description: OpenPGP digital signature

---

• References:
  • security capabilities on filesystems
    • From: Lukasz Stelmach <[email protected]>
  • Re: security capabilities on filesystems
    • From: Peter Gordon <[email protected]>

• Prev by Date: Re: [PATCH] dscc4: fix dscc4_init_dummy_skb check
• Next by Date: Re: 2.6.16-rc1-mm4
• Previous by thread: Re: security capabilities on filesystems
• Next by thread: Re: security capabilities on filesystems
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]