I'm in the process of testing the (backported) capabilities patch
and Kaigai's userspace tools on a SLES10 based x86-64 target (2.6.16).
Chris Friedhoff's examples (http://www.friedhoff.org/fscaps.html)
run cleanly. That said, can one expect, through the use of these
enhanced capabilities, to be able to add some finer grain
capabilities based on a specific userid? In Chris' ping example,
the suid is removed from /bin/ping to restrict it to root, and a
capability added to allow any user to execute it. Can that example
be extended to make it so only a _particular_ user can execute it?
I realize with SELinux, one could achieve the goal, but as a stopgap,
can capabilities be used to get there?
Thanks,
Bill
--
Bill O'Donnell
SGI
[email protected]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]