Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261298AbUDBXSc (ORCPT ); Fri, 2 Apr 2004 18:18:32 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261317AbUDBXSc (ORCPT ); Fri, 2 Apr 2004 18:18:32 -0500 Received: from fw.osdl.org ([65.172.181.6]:43459 "EHLO mail.osdl.org") by vger.kernel.org with ESMTP id S261298AbUDBXSa (ORCPT ); Fri, 2 Apr 2004 18:18:30 -0500 Date: Fri, 2 Apr 2004 15:18:28 -0800 From: Chris Wright To: Andrew Morton Cc: Chris Wright , andrea@suse.de, linux-kernel@vger.kernel.org, kenneth.w.chen@intel.com Subject: Re: disable-cap-mlock Message-ID: <20040402151828.I21045@build.pdx.osdl.net> References: <20040401135920.GF18585@dualathlon.random> <20040401170705.Y22989@build.pdx.osdl.net> <20040401173034.16e79fee.akpm@osdl.org> <20040402133540.1dfa0256.akpm@osdl.org> <20040402143639.G21045@build.pdx.osdl.net> <20040402150152.7675cf7e.akpm@osdl.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20040402150152.7675cf7e.akpm@osdl.org>; from akpm@osdl.org on Fri, Apr 02, 2004 at 03:01:52PM -0800 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1436 Lines: 39 * Andrew Morton (akpm@osdl.org) wrote: > http://www.zip.com.au/~akpm/linux/patches/stuff/pam_cap-akpm.tar.gz Cool, thanks. > That's my point, Chris. "the feature is bollixed, so let's write a ton of > new parallel stuff but not fix the original code". This is how cruft > accumulates. Yes, OK, point well-taken. > > Our goal was actually to keep is compatible. All of it's limitations > > predate the security stuff. > > Either the fine-grained capabilities are fixable, or they should be deleted > and we go back to suser(). One of those things should have happened before > adding more code, surely? I s'pose we rather viewed the behaviour as legacy...stuck with, don't muck with...Making it usable is certainly better than going back to suser(), so let's procede that way and reconcile the mistake. > > IIRC, changing those (existing) securebits settings creates an unusable > > machine. Again, I think there was some anticipation of the fs bits > > going in later. Perhaps those securebits pieces could just be removed. > > OK. Do you have time to do the honours? Sure thing. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/