From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Oren Laadan <orenl@cs.columbia.edu>,
Dave Hansen <dave@linux.vnet.ibm.com>,
xemul@parallels.com, containers@lists.linux-foundation.org,
mingo@elte.hu, linux-kernel@vger.kernel.org, hch@infradead.org,
akpm@linux-foundation.org, torvalds@linux-foundation.org
Subject: Re: CAP_SYS_ADMIN on restart(2)
Date: Thu, 16 Apr 2009 11:29:10 -0500
Message-ID: <20090416162910.GA20736@us.ibm.com>
In-Reply-To: <20090416153513.GA7876@x200.localdomain>

Quoting Alexey Dobriyan (adobriyan@gmail.com):
> > What Alexey wants, I believe, is for users to be able to not have
> > to worry about there being exploitable bugs in restart(2) which
> > unprivileged users can play with. And for the usual distro-kernel
> > reasons, saying use 'CONFIG_CHECKPOINT=n' is not an option.
>
> This is correct, yes. If I would be a sysadmin who knows a bit about
> kernel internals, I'd never trust restart(2) to get it right.

Now I suppose what we could do is define a new CAP_SYS_RESTART
capability and require that. Then the admin to whom I'm trying
to cater could simply 'capset cap_sys_restart=pe /bin/restart'.
Then all users could use restart without being granted the
extra privilege implied by CAP_SYS_ADMIN.
-serge
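
An audit-side illustration of the file-capability grant discussed in the message above, added here and not part of the mail or of the checkpoint/restart patches: it decodes a raw `security.capability` xattr value and reports whether a binary is granted a given capability as "pe", so a narrow grant can be told apart from CAP_SYS_ADMIN. The sample byte strings are constructed, and bit 63 is a placeholder for the proposed CAP_SYS_RESTART, to which the mail assigns no number.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Values from the kernel's <linux/capability.h>. */
#define VFS_CAP_REVISION_MASK   0xFF000000u
#define VFS_CAP_REVISION_1      0x01000000u /* 32-bit sets, 12-byte value */
#define VFS_CAP_REVISION_2      0x02000000u /* 64-bit sets, 20-byte value */
#define VFS_CAP_REVISION_3      0x03000000u /* revision 2 plus rootid, 24 bytes */
#define VFS_CAP_FLAGS_EFFECTIVE 0x00000001u /* the "e" in "=pe" */
#define CAP_SYS_ADMIN_NR 21
#define PLACEHOLDER_CAP_SYS_RESTART_NR 63 /* assumption: the mail assigns no number */

/* Constructed revision-2 samples: cap_sys_admin=pe and placeholder bit 63 =pe. */
static const unsigned char XATTR_SYS_ADMIN[20] = {1,0,0,2, 0,0,0x20,0};
static const unsigned char XATTR_RESTART[20] = {1,0,0,2, 0,0,0,0, 0,0,0,0, 0,0,0,0x80};

static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode a raw security.capability value. Returns 0, or -1 if malformed. */
int parse_file_caps(const unsigned char *buf, size_t len, uint64_t *permitted, int *effective)
{
    if (len < 4) return -1;
    uint32_t magic = le32(buf), rev = magic & VFS_CAP_REVISION_MASK;
    size_t need = rev == VFS_CAP_REVISION_1 ? 12 : rev == VFS_CAP_REVISION_2 ? 20
                : rev == VFS_CAP_REVISION_3 ? 24 : 0;
    if (need == 0 || len != need) return -1; /* unknown revision or wrong size */
    size_t words = rev == VFS_CAP_REVISION_1 ? 1 : 2;
    *permitted = 0;
    for (size_t i = 0; i < words; i++) /* each word pair is {permitted, inheritable} */
        *permitted |= (uint64_t)le32(buf + 4 + 8 * i) << (32 * i);
    *effective = (magic & VFS_CAP_FLAGS_EFFECTIVE) != 0;
    return 0;
}

/* 1 if the value grants capability nr as "pe", 0 if not, -1 if malformed. */
int grants_pe(const unsigned char *buf, size_t len, int nr)
{
    uint64_t permitted; int effective;
    if (nr < 0 || nr > 63 || parse_file_caps(buf, len, &permitted, &effective)) return -1;
    return effective && ((permitted >> nr) & 1);
}

int main(void)
{
    printf("restart sample grants CAP_SYS_ADMIN=pe: %d\n",
           grants_pe(XATTR_RESTART, sizeof XATTR_RESTART, CAP_SYS_ADMIN_NR));
    return 0;
}
```

On a live system the byte string would come from the binary's `security.capability` extended attribute, which is an input this example does not read.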