Re: Posix capabilities - Pavel Machek

The Linux Kernel Mailing List
 help / color / mirror / Atom feed

From: Pavel Machek <pavel@ucw.cz>
To: Neil Schemenauer <nas@python.ca>
Cc: swan@shockfrosted.org, linux-kernel@vger.kernel.org
Subject: Re: Posix capabilities
Date: Sun, 20 Oct 2002 16:18:06 +0200	[thread overview]
Message-ID: <20021020141806.GC6280@elf.ucw.cz> (raw)
In-Reply-To: <20021017204317.GA4286@glacier.arctrix.com>

Hi!

> See my "capwrap" module:
> 
>     http://arctrix.com/nas/linux/capwrap.tar.gz
> 
> To allow SCHED_FIFO you would need to give the process the CAP_SYS_NICE
> capability.  CAP_SYS_NICE is bit 23 (800000 in hex).  Create a text file
> with the following line and make it root suid:
> 
>     &/usr/bin/someprogram 800000
> 
> If the capwrap module is loaded the kernel will recognize the file as a
> "capability wrapper" and grant the specified capabilities to the
> executable while running with the uid of the current user.
> 
> The capwrap module isn't fancy but is works and is simple.  It doesn't
> require any special filesystem.  Since I'm no kernel hacker I don't know
> if it's suitable for inclusion in the main tree.  I would appreciate any
> comments people have regarding it.

I did similar thing using elf .note section... But this seems elegant
too. Perhaps you want to push it for inclusion?
								Pavel
-- 
Worst form of spam? Adding advertisment signatures ala sourceforge.net.
What goes next? Inserting advertisment *into* email?

next prev parent reply	other threads:[~2002-10-26 10:26 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-10-17 20:43 Posix capabilities Neil Schemenauer
2002-10-20 14:18 ` Pavel Machek [this message]
  -- strict thread matches above, loose matches on Subject: below --
2002-10-16 15:44 Stefan Schwandter
2002-10-16 16:22 ` Bosko Radivojevic
2002-10-17  3:26 ` Theodore Ts'o
2002-10-17  4:00   ` GrandMasterLee
2002-10-17 13:22     ` Horst von Brand
2002-10-18  6:38       ` GrandMasterLee
2002-10-17 10:37   ` Olaf Dietsche
2002-10-17 11:02     ` Andreas Gruenbacher
2002-10-17 12:12       ` Theodore Ts'o
2002-10-17 15:36         ` Olaf Dietsche
2002-10-17 17:17           ` Alex Riesen
2002-10-18 16:13         ` Rogier Wolff
2002-10-17 13:40     ` Henning P. Schmiedehausen
2002-10-17 12:05   ` Stefan Schwandter
2002-10-17 12:20     ` Theodore Ts'o
2002-10-20 14:16       ` Pavel Machek
2002-10-27 13:46         ` Andreas Gruenbacher

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20021020141806.GC6280@elf.ucw.cz \
    --to=pavel@ucw.cz \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nas@python.ca \
    --cc=swan@shockfrosted.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox