Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755196AbXLBB2n (ORCPT ); Sat, 1 Dec 2007 20:28:43 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753657AbXLBB2e (ORCPT ); Sat, 1 Dec 2007 20:28:34 -0500
Received: from mail2.asahi-net.or.jp ([202.224.39.198]:12239 "EHLO mail.asahi-net.or.jp" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753537AbXLBB2d (ORCPT ); Sat, 1 Dec 2007 20:28:33 -0500
Message-ID: <47520A45.7000800@kaigai.gr.jp>
Date: Sun, 02 Dec 2007 10:28:37 +0900
From: KaiGai Kohei
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: serge@hallyn.com
CC: "Serge E. Hallyn", lkml, linux-security-module@vger.kernel.org, Andrew Morgan, Chris Wright, Stephen Smalley, James Morris, Andrew Morton
Subject: Re: [PATCH] capabilities: introduce per-process capability bounding set (v10)
References: <20071126200908.GA13287@sergelap.austin.ibm.com> <4750B6D5.7070607@kaigai.gr.jp> <20071201035820.GA7730@vino.hallyn.com>
In-Reply-To: <20071201035820.GA7730@vino.hallyn.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 793
Lines: 22

Serge,

> Is there any reason not to have a separate /etc/login.capbounds
> config file, though, so the account can still have a full name?
> Did you only use that for convenience of proof of concept, or
> is there another reason?

passwd(5) says the fifth field is optional and only used for
informational purpose (like ulimit, umask).
However, using any other separate config file is conservative and better.

One candidate is "/etc/security/capability.conf" defined as the config
file of pam_cap.

Thanks,
--
KaiGai Kohei