Date: Fri, 2 Apr 2004 04:09:15 +0200
From: Andrea Arcangeli <andrea@suse.de>
To: Chris Wright <chrisw@osdl.org>
Cc: Andrew Morton <akpm@osdl.org>, linux-kernel@vger.kernel.org,
       kenneth.w.chen@intel.com
Subject: Re: disable-cap-mlock
Message-ID: <20040402020915.GO18585@dualathlon.random>
References: <20040401135920.GF18585@dualathlon.random> <20040401170705.Y22989@build.pdx.osdl.net> <20040401173034.16e79fee.akpm@osdl.org> <20040401175914.A22989@build.pdx.osdl.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040401175914.A22989@build.pdx.osdl.net>
User-Agent: Mutt/1.4.1i
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1217
Lines: 29

On Thu, Apr 01, 2004 at 05:59:14PM -0800, Chris Wright wrote:
> * Andrew Morton (akpm@osdl.org) wrote:
> > Rumour has it that the more exhasperated among us are brewing up a patch to
> > login.c which will allow capabilities to be retained after the setuid.  So
> > you do
> > 
> > 	echo "oracle CAP_IPC_LOCK" > /etc/logincap.conf
> > 
> > And that's it.
> > 
> > See any reason why this won't work?
> 
> Looks ok, and sounds very similar to what pam_cap does.

just curious, how does this work through 'su'? Does su check
logincap.conf too?

I certainly agree this can be fully solved in userspace, though it won't
be a few linear change in userspace and for the short term matter
there's not much time left to change userspace. For the long term if we
want to go with the userspace solution that's fine with me, I definitely
agree with that.  For the very short term I'm not sure, but then I
certainly cannot object if nothing is changed in the mainline kernel for
this.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/