Re: [PATCH] per-process securebits

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Ismail Dönmez" <ismail@pardus.org.tr>
To: "Andrew G. Morgan" <morgan@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Linux Security Modules List 
	<linux-security-module@vger.kernel.org>,
	linux-kernel@vger.kernel.org,
	"Serge E. Hallyn" <serue@us.ibm.com>
Subject: Re: [PATCH] per-process securebits
Date: Mon, 4 Feb 2008 02:54:50 +0200	[thread overview]
Message-ID: <200802040254.50444.ismail@pardus.org.tr> (raw)
In-Reply-To: <47A66119.90702@kernel.org>

At Monday 04 February 2008 around 02:49:29 Andrew G. Morgan wrote:
> Another way to put this is that there needs to be some application code
> and documentation available to guide the way... Adding such things to
> the example programs in libcap2 helped me find the 24-rc2 CAP_SETPCAP
> bug and until I've gone through the task of testing all the bits
> together, I won't believe the kernel support is anything other than
> 'experimental'.
>
> Other folk are actively advocating and exploring this model. For
> example, Chris Friedhoff has a page here that describes some first
> steps for using filesystem capabilities:
>
> ~  http://www.friedhoff.org/posixfilecaps.html

I already know and enjoy File system base capabilities thanks to Chris' 
website and Serge's developerWorks article.

What I meant to ask was what does "per-process securebits" brings as extra. 
FWIW in Pardus 2008 we'll enable Posix file capabilities by default so people 
could "harden" their setups.

Regards,
ismail

-- 
Never learn by your mistakes, if you do you may never dare to try again.

next prev parent reply	other threads:[~2008-02-04  0:54 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-01  8:11 [PATCH] per-process securebits Andrew G. Morgan
2008-02-01  8:28 ` Andrew Morton
2008-02-01  9:07   ` James Morris
2008-02-04 18:17     ` Pavel Machek
2008-02-04 22:00       ` Andrew Morton
2008-02-03  6:01   ` Andrew G. Morgan
2008-02-03  6:18     ` Andrew Morton
2008-02-03  6:25       ` Ismail Dönmez
2008-02-04  0:49         ` Andrew G. Morgan
2008-02-04  0:54           ` Ismail Dönmez [this message]
2008-02-04  1:10             ` Andrew G. Morgan
2008-02-04 16:45               ` Serge E. Hallyn
2008-02-05  1:15                 ` Ismail Dönmez
2008-02-01 20:15 ` serge
2008-02-03  6:11   ` Andrew G. Morgan
2008-02-05 18:46 ` Serge E. Hallyn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200802040254.50444.ismail@pardus.org.tr \
    --to=ismail@pardus.org.tr \
    --cc=akpm@linux-foundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=morgan@kernel.org \
    --cc=serue@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.