Date: Tue, 19 Sep 2006 21:56:03 +0200
From: Pavel Machek <pavel@ucw.cz>
To: David Madore <david.madore@ens.fr>
Cc: Linux Kernel mailing-list <linux-kernel@vger.kernel.org>,
       LSM mailing-list <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH] security: add a mount option to make caps inheritable, re-enable CAP_SETPCAP
Message-ID: <20060919195603.GC7246@elf.ucw.cz>
References: <20060915153918.GA29528@clipper.ens.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060915153918.GA29528@clipper.ens.fr>
User-Agent: Mutt/1.5.11+cvs20060126
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1022
Lines: 26

Hi!

> Attempt to make capabilities mildly useful, without breaking anything
> and while still adhering to POSIX.1e semantics:
> 
>  * add a "inhcaps" mount option (MS_INHCAPS) which provides full
>    executable inheritable and effective sets (we cannot provide
>    finer-grained control over the mask, as fs-independent mount
>    options are only one bit wide each);

>  * re-enable CAP_SETPCAP which had been disabled following an
>    incorrect analysis of a past sendmail security hole.

Okay, I guess these two should go as a separate patches... Otherwise
patch looks okay to me.

Acked-by: Pavel Machek <pavel@suse.cz>
								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/