Re: PATH records show fcaps

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Steve Grubb <sgrubb@redhat.com>
To: Eric Paris <eparis@redhat.com>
Cc: linux-audit@redhat.com
Subject: Re: PATH records show fcaps
Date: Mon, 20 Oct 2008 06:56:32 -0400	[thread overview]
Message-ID: <200810200656.32522.sgrubb@redhat.com> (raw)
In-Reply-To: <1224343392.3189.74.camel@paris-laptop>

On Saturday 18 October 2008 11:23:12 Eric Paris wrote:
> type=PATH msg=audit(1224342849.465:43): item=0 name="/bin/ping" inode=49227
> dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
> obj=system_u:object_r:ping_exec_t:s0 cap_permitted=0000000000002000
> cap_inheritable=0000000000000000 

The kernel abbreviates these as: capprm & capinh in the proc file system. I'm 
thinking shorter names would save some disk space.

> This good?  If either cap_permitted or cap_inheritable have anything set
> I show them both.

And they are otherwise missing to save disk space?

> In the above example would you rather I only showed 
> cap_permitted and dropped cap_inheritable?

No. Its my understanding that apps could have something inheritable by 
children and we'd want to know exactly what that was.

> Did I see correctly that it's possible to set a cap_effective on a file? 

Yes.

> Does it do anything?  I didn't see that getting used or read in the kernel, 
> so I didn't put any way to display it in kernel....

That would be strange to have a field that is not used.

I'll leave code review to others. Thanks for working on this patch!

-Steve

next prev parent reply	other threads:[~2008-10-20 10:56 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-18 15:23 PATH records show fcaps Eric Paris
2008-10-20 10:56 ` Steve Grubb [this message]
2008-10-20 13:32   ` Eric Paris
2008-10-20 16:31 ` Serge E. Hallyn
2008-10-20 16:55   ` Eric Paris
2008-10-20 17:13     ` Serge E. Hallyn
2008-10-20 22:52     ` Steve Grubb
2008-10-20 23:00       ` Eric Paris
2008-10-21  2:21         ` Steve Grubb
2008-10-20 16:33 ` Serge E. Hallyn
2008-10-20 17:55   ` Eric Paris
2008-10-20 18:13     ` Serge E. Hallyn
2008-10-20 18:35       ` Eric Paris
2008-10-20 19:13         ` Serge E. Hallyn
2008-10-20 19:49           ` Eric Paris
2008-10-20 20:01             ` Serge E. Hallyn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200810200656.32522.sgrubb@redhat.com \
    --to=sgrubb@redhat.com \
    --cc=eparis@redhat.com \
    --cc=linux-audit@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.