>> In the meantime, so long as you're adding some new capabilities, how
>> about also splitting up a few like CAP_SYS_ADMIN? Have you looked into
>> it and decided none are really separable, i.e. any subset leads to the
>> ability to get any other subset?
>
>I agree that splitting CAP_SYS_ADMIN might be worth while, but it
>really looks like opening a worm can, so I didn't feel up to the
>challenge there. It might be a good idea to reserve some bits for
>that possibility, however - I'm not sure how best to proceed.
Split it into read and write options, for a start. This is important in
a sub-"root"-user environment as is currently created with my MultiAdm
LSM, which, due to the broad spectrum CAP_SYS_ADMIN addresses, must
give SYS_ADMIN to the subadmin (to be able to read restricted objects)
and restrict it afterwards in all the LSM hooks (to not write to
restricted objects).
http://lkml.org/lkml/2006/5/1/105
http://lkml.org/lkml/2006/5/1/110 <- important
Jan Engelhardt
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
