From: Chris Wright <chrisw@sous-sol.org>
To: KaiGai Kohei <kaigai@ak.jp.nec.com>
Cc: greg@kroah.com, morgan@kernel.org, serue@us.ibm.com,
chrisw@sous-sol.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/3] exporting capability name/code pairs (for 2.6.26)
Date: Tue, 22 Apr 2008 22:37:26 -0700 [thread overview]
Message-ID: <20080423053726.GF3861@localhost.localdomain> (raw)
In-Reply-To: <480DC80F.3060403@ak.jp.nec.com>
* KaiGai Kohei (kaigai@ak.jp.nec.com) wrote:
> [PATCH 2/3] exporting capability name/code pairs
>
> This patch enables to export code/name pairs of capabilities the running
> kernel supported.
>
> A newer kernel sometimes adds new capabilities, like CAP_MAC_ADMIN
> at 2.6.25. However, we have no interface to disclose what capabilities
> are supported on the running kernel. Thus, we have to maintain libcap
> version in appropriate one synchronously.
>
> This patch enables libcap to collect the list of capabilities at run time,
> and provide them for users. It helps to improve portability of library.
>
> It exports these information as regular files under /sys/kernel/capability.
> The numeric node exports its name, the symbolic node exports its code.
I do not understand why this is necessary. The capability bits are an ABI
that shouldn't change in a non-backward compat way (i.e. only additions).
We typically don't export strings <-> number conversions for constants.
I know you've explained this a few times before, but it still seems to me
like a userspace only problem. What can userspace do with a capability
it does not know about?
thanks,
-chris
next prev parent reply other threads:[~2008-04-23 5:45 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-25 6:06 [PATCH 0/3] exporting capability name/code pairs (final#2) Kohei KaiGai
2008-02-25 6:10 ` [PATCH 1/3] add a private data field within kobj_attribute structure (final#2) Kohei KaiGai
2008-02-25 6:51 ` Greg KH
2008-02-25 6:57 ` Kohei KaiGai
2008-02-25 7:47 ` Greg KH
2008-02-25 10:04 ` Kohei KaiGai
2008-02-26 20:09 ` Greg KH
2008-02-28 5:49 ` Valdis.Kletnieks
2008-03-03 4:42 ` Kohei KaiGai
2008-02-25 6:10 ` [PATCH 2/3] exporting capability name/code pairs (final#2) Kohei KaiGai
2008-02-26 14:55 ` Andrew G. Morgan
2008-02-26 20:58 ` Serge E. Hallyn
2008-03-07 4:30 ` Kohei KaiGai
2008-03-07 4:53 ` Greg KH
2008-02-25 6:10 ` [PATCH 3/3] a new example to use kobject/kobj_attribute (final#2) Kohei KaiGai
2008-04-22 11:12 ` [PATCH 0/3] exporting capability name/code pairs (for 2.6.26) KaiGai Kohei
2008-04-22 11:17 ` [PATCH 1/3] add a private data field within kobj_attribute structure KaiGai Kohei
2008-04-22 11:18 ` [PATCH 2/3] exporting capability name/code pairs KaiGai Kohei
2008-04-22 11:18 ` [PATCH 3/3] a new example to use kobject/kobj_attribute KaiGai Kohei
2008-04-22 19:29 ` [PATCH 0/3] exporting capability name/code pairs (for 2.6.26) Alexey Dobriyan
2008-04-23 0:38 ` KaiGai Kohei
2008-04-23 7:03 ` Alexey Dobriyan
2008-04-23 7:37 ` KaiGai Kohei
2008-05-13 22:12 ` Alexey Dobriyan
2008-05-14 0:34 ` KaiGai Kohei
2008-04-23 5:37 ` Chris Wright [this message]
2008-04-23 7:15 ` KaiGai Kohei
2008-05-14 0:36 ` KaiGai Kohei
2008-05-14 0:52 ` Chris Wright
2008-05-14 5:57 ` KaiGai Kohei
2008-05-15 5:48 ` Andrew Morgan
2008-05-15 7:47 ` KaiGai Kohei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080423053726.GF3861@localhost.localdomain \
--to=chrisw@sous-sol.org \
--cc=greg@kroah.com \
--cc=kaigai@ak.jp.nec.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox