From mboxrd@z Thu Jan 1 00:00:00 1970
From: Christoph Lameter
Subject: Re: [PATCH] capabilities: Ambient capability set V2
Date: Fri, 6 Mar 2015 09:50:02 -0600 (CST)
Message-ID:
References: <20150301233359.GA22196@mail.hallyn.com> <20150305171326.GA14998@mail.hallyn.com>
Content-Type: TEXT/PLAIN; charset=US-ASCII
Return-path:
In-Reply-To: <20150305171326.GA14998-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
Sender: linux-api-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
To: "Serge E. Hallyn"
Cc: Serge Hallyn , Andy Lutomirski , Jonathan Corbet , Aaron Jones , linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, akpm-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org, "Andrew G. Morgan" , Mimi Zohar , Austin S Hemmelgarn , Markku Savela , Jarkko Sakkinen , linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Michael Kerrisk
List-Id: linux-api@vger.kernel.org

On Thu, 5 Mar 2015, Serge E. Hallyn wrote:

> > > So I'd say drop this change ^
> >
> > Then the ambient caps get ignored for executables that have capabilities
> > set on the file?
>
> Yes. Those are assumed to already know what they're doing.

Ok can we get this patch merged now if I do this change (effectively
ambient caps for binaries that have no caps set) and deal with the other
issues later? This would cover most of the use cases here at least.