Date: Thu, 23 Nov 2006 00:14:58 -0800
From: Andrew Morton
To: "Serge E. Hallyn"
Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org,
    Stephen Smalley, James Morris, Chris Wright, KaiGai Kohei,
    Chris Friedhoff, Alexey Dobriyan
Subject: Re: security: introduce file caps
Message-Id: <20061123001458.fe73f64a.akpm@osdl.org>
In-Reply-To: <20061114030655.GB31893@sergelap>
References: <20061114030655.GB31893@sergelap>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 13 Nov 2006 21:06:55 -0600
"Serge E. Hallyn" wrote:

> Implement file posix capabilities.  This allows programs to be given
> a subset of root's powers regardless of who runs them, without
> having to use setuid and giving the binary all of root's powers.

With this patch applied, my X server fails to exit when I do the normal
logout thing from the KDE menus.  The distro is FC5, SELinux is enabled.  I
start X via `startx'.

All the X clients have gone away, but the server continues to run.  Black
screen with just a mouse pointer which still responds to movement.

This happens with CONFIG_SECURITY_FS_CAPABILITIES=n as well as =y.

ps auxfw says:

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.1  0.0   2000   676 ?        Ss   01:04   0:00 init [3]
root         2  0.0  0.0      0     0 ?        SN   01:04   0:00 [ksoftirqd/0]
root         3  0.0  0.0      0     0 ?        S    01:04   0:00 [watchdog/0]
root         4  0.0  0.0      0     0 ?        S<   01:04   0:00 [events/0]
root         5  0.0  0.0      0     0 ?        S<   01:04   0:00 [khelper]
root         6  0.0  0.0      0     0 ?        S<   01:04   0:00 [kthread]
root        47  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [kblockd/0]
root        48  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [kacpid]
root       152  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [ata/0]
root       153  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [ata_aux]
root       154  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [ksuspend_usbd]
root       157  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [khubd]
root       159  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [kseriod]
root       179  0.0  0.0      0     0 ?        S    01:04   0:00  \_ [pdflush]
root       180  0.0  0.0      0     0 ?        S    01:04   0:00  \_ [pdflush]
root       181  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [kswapd0]
root       182  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [aio/0]
root       291  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [scsi_eh_0]
root       292  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [scsi_eh_1]
root       297  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [scsi_eh_2]
root       298  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [scsi_eh_3]
root       311  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [pccardd]
root       321  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [kpsmoused]
root       326  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [kedac]
root       354  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [kjournald]
root       740  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [hda_codec]
root       975  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [khpsbpkt]
root      1110  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [knodemgrd_0]
root      1680  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [kauditd]
root      2237  0.0  0.0      0     0 ?        S<   01:04   0:00  \_ [ipw2200/0]
root       421  0.0  0.0   2212   648 ?        S