Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753308AbbGOLOW (ORCPT ); Wed, 15 Jul 2015 07:14:22 -0400 Received: from tundra.namei.org ([65.99.196.166]:34167 "EHLO namei.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752667AbbGOLOT (ORCPT ); Wed, 15 Jul 2015 07:14:19 -0400 Date: Wed, 15 Jul 2015 21:13:51 +1000 (AEST) From: James Morris To: Andy Lutomirski cc: Andrew Morton , "Serge E. Hallyn" , Serge Hallyn , James Morris , Jarkko Sakkinen , "Ted Ts'o" , "Andrew G. Morgan" , Linux API , Mimi Zohar , Michael Kerrisk , Austin S Hemmelgarn , linux-security-module , Aaron Jones , Serge Hallyn , LKML , Markku Savela , Kees Cook , Jonathan Corbet , Christoph Lameter , Andy Lutomirski Subject: Re: [PATCH v4 1/2] capabilities: Ambient capabilities In-Reply-To: <9f660ee708e58892bfa7012b6b9c840298e24544.1436903028.git.luto@kernel.org> Message-ID: References: <9f660ee708e58892bfa7012b6b9c840298e24544.1436903028.git.luto@kernel.org> User-Agent: Alpine 2.11 (LRH 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 768 Lines: 27 On Tue, 14 Jul 2015, Andy Lutomirski wrote: > ===== The proposed change ===== > > This patch adds a fifth capability mask called the ambient mask > (pA). pA does what most people expect pI to do. > This looks good, and I think it will lead to better overall security because people will find capabilities easier to use for real-world scenarios. Has it had enough security review? This is a significant new behavior being added to a widely enabled security module. - James -- James Morris -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/