From: "Andrew G. Morgan" <morgan@kernel.org>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: lkml <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org,
James Morris <jmorris@redhat.com>,
Andreas Gruenbacher <agruen@suse.de>,
Andrew Morton <akpm@osdl.org>, Chris Wright <chrisw@sous-sol.org>,
Randy Dunlap <randy.dunlap@oracle.com>
Subject: Re: [PATCH 2/2] file capabilities: remove CONFIG_SECURITY_FILE_CAPABILITIES
Date: Tue, 23 Sep 2008 21:59:27 -0700 [thread overview]
Message-ID: <48D9C92F.5090908@kernel.org> (raw)
In-Reply-To: <20080924020526.GA26058@us.ibm.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Cheers
Andrew
Serge E. Hallyn wrote:
> Remove the option to compile the kernel without file capabilities. Not
> compiling file capabilities actually makes the kernel less safe, as it
> includes the possibility for a task changing another task's capabilities.
>
> Some are concerned that userspace tools (and user education) are not
> up to the task of properly configuring file capabilities on a system.
> For those cases, there is now the ability to boot with the no_file_caps
> boot option. This will prevent file capabilities from being used in
> the capabilities recalculation at exec, but will not change the rest
> of the kernel behavior which used to be switchable using the
> CONFIG_SECURITY_FILE_CAPABILITIES option.
>
> Signed-off-by: Serge Hallyn <serue@us.ibm.com>
> ---
> fs/open.c | 8 --
> include/linux/capability.h | 2 -
> include/linux/init_task.h | 4 -
> kernel/capability.c | 158 --------------------------------------------
> security/Kconfig | 9 ---
> security/commoncap.c | 53 ---------------
> 6 files changed, 0 insertions(+), 234 deletions(-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFI2ckn+bHCR3gb8jsRAh1QAJ9yEYEdnUgOn5w18u6DgXNKCnAbWACgnq8j
70Oa+pgYJpRVsIPMSJcUGhY=
=26lW
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2008-09-24 5:00 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-24 2:04 [PATCH 1/2] file capabilities: add no_file_caps switch (v3) Serge E. Hallyn
2008-09-24 2:05 ` [PATCH 2/2] file capabilities: remove CONFIG_SECURITY_FILE_CAPABILITIES Serge E. Hallyn
2008-09-24 4:59 ` Andrew G. Morgan [this message]
2008-09-24 23:49 ` Chris Wright
2008-09-25 1:02 ` Serge E. Hallyn
2008-09-25 1:19 ` Chris Wright
2008-09-25 1:36 ` Andreas Gruenbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48D9C92F.5090908@kernel.org \
--to=morgan@kernel.org \
--cc=agruen@suse.de \
--cc=akpm@osdl.org \
--cc=chrisw@sous-sol.org \
--cc=jmorris@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=randy.dunlap@oracle.com \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.