From: Chris Friedhoff <chris@friedhoff.org>
To: Chris Friedhoff <chris@friedhoff.org>
Cc: "Serge E. Hallyn" <sergeh@us.ibm.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3
Date: Mon, 19 Nov 2007 14:39:46 +0100
Message-ID: <20071119143946.b0664b6c.chris@friedhoff.org>
In-Reply-To: <20071115230227.9dabbb5f.chris@friedhoff.org>

Hello Serge,
just to let you know: with 2.6.24-rc3 I have the same problem.

Chris

On Thu, 15 Nov 2007 23:02:27 +0100
Chris Friedhoff <chris@friedhoff.org> wrote:
> No, the patch doesn't fix the problem.
> I still have the black screen with the cursor when I close the
> xsession, only the window manager is closed.
> console message:
> xinit: Operation not permitted (errno 1): Can't kill X server
> kernel has capabilities, xinit has no caps granted.
>
> Chris
>
>
> > I'm setting up a vm to play with this. Will look into it.
> >
> > Oh, looking at a few branches, I see that the patch for bug# 9247
> > (on bugzilla.kernel.org) isn't in 2.6.24-rc2 yet. Can you check
> > whether the following patch fixes it?
> >
> > thanks,
> > -serge
> >
> > From 347faf5852644b91632813885784104f4cdb640a Mon Sep 17 00:00:00 2001
> > From: Serge E. Hallyn <serue@us.ibm.com>
> > Date: Wed, 14 Nov 2007 13:00:52 -0500
> > Subject: [PATCH 1/1] file capabilities: allow sigcont within session (v2.6.24-rc2)
> >
> > Allow sigcont to be sent to a process with greater capabilities
> > if it is in the same session. Otherwise, a shell from which
> > I've started a root shell and done 'suspend' can't be restarted
> > by the parent shell.
> >
> > (this patch against v2.6.24-rc2)
> >
> > Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
> > ---
> > security/commoncap.c | 2 ++
> > 1 files changed, 2 insertions(+), 0 deletions(-)
> >
> > diff --git a/security/commoncap.c b/security/commoncap.c
> > index bf67871..c9f6867 100644
> > --- a/security/commoncap.c
> > +++ b/security/commoncap.c
> > @@ -534,6 +534,8 @@ int cap_task_kill(struct task_struct *p, struct siginfo *info,
> > * Used only by usb drivers?
> > */
> > return 0;
> > + if (sig == SIGCONT && (task_session_nr(current)==task_session_nr(p)))
> > + return 0;
> > if (cap_issubset(p->cap_permitted, current->cap_permitted))
> > return 0;
> > if (capable(CAP_KILL))
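Review bot: The added SIGCONT test in cap_task_kill() has no comment explaining why a same-session SIGCONT is allowed to skip the cap_issubset() and capable(CAP_KILL) checks that follow it; the rationale (a parent shell restarting a suspended root shell) exists only in the commit message and should be stated above the new `if`. Style on the same line: kernel coding style puts spaces around `==` and the inner parentheses are unnecessary, so `if (sig == SIGCONT && task_session_nr(current) == task_session_nr(p))` reads better. Note also that the exemption covers SIGCONT only, so every other signal sent to a task with more permitted capabilities still falls through to cap_issubset() and then CAP_KILL; the "Can't kill X server" (errno 1) report in this thread would change only if the signal xinit sends there is SIGCONT.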
> > --
> > 1.5.1.1.GIT
>
>
> --------------------
> Chris Friedhoff
> chris@friedhoff.org
--------------------
Chris Friedhoff
chris@friedhoff.org