Re: security capabilities on filesystems

Peter Gordon wrote:

>>I've poke around for some information but all I got (was this lousy t-shirt)
>>that there is no support for capablities stored on a filesystem. However, I'd
>>like to ask if there are any chances to see this feature soon.
> 
> What do you mean exactly? Ext2 (and its journalled cousin, Ext3; I'm
> not certain of other filesystems) can both store POSIX-style Access
> Control Lists (ACLs) and SELinux labeling as part of the inode
> metadata.

Reiserfs, xfs and jfs too.

Yet they all can't store, or I don't know how to set it up, POSIX
capabilities for executables. Those like CAP_NET_RAW or CAP_SYS_RAWIO.
The former is useful for ping the latter (was?) for X11. I know that this
functionality can be achived with SELinux but it's to havy-weight for me.
I'd rather implement BSD seclevels and capabilities.

> Hope this helps.

I am afraid no :-(

Bye.
-- 
Było mi bardzo miło.                    Czwarta pospolita klęska, [...]
>Łukasz<                      Już nie katolicka lecz złodziejska.  (c)PP

Attachment: signature.asc
Description: OpenPGP digital signature

References:
- security capabilities on filesystems
  - From: Lukasz Stelmach <[email protected]>
- Re: security capabilities on filesystems
  - From: Peter Gordon <[email protected]>

Prev by Date: Re: [PATCH] dscc4: fix dscc4_init_dummy_skb check
Next by Date: Re: 2.6.16-rc1-mm4
Previous by thread: Re: security capabilities on filesystems
Next by thread: Re: security capabilities on filesystems
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]