From: Steve Grubb <sgrubb@redhat.com>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: lkml <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org,
Andrew Morgan <morgan@kernel.org>,
Kees Cook <kees.cook@canonical.com>,
Andreas Gruenbacher <agruen@suse.de>,
Michael Kerrisk <mtk.manpages@gmail.com>,
George Wilson <gcwilson@us.ibm.com>
Subject: Re: drop SECURITY_FILE_CAPABILITIES?
Date: Tue, 10 Nov 2009 10:28:10 -0500 [thread overview]
Message-ID: <200911101028.10797.sgrubb@redhat.com> (raw)
In-Reply-To: <20091110140739.GA15534@us.ibm.com>
On Tuesday 10 November 2009 09:07:39 am Serge E. Hallyn wrote:
> I think that's the case most users will care about, whereas the
> remaining differences between CONFIG_SECURITY_FILE_CAPABILITIES=y
> and =n are that with CONFIG_SECURITY_FILE_CAPABILITIES=y :
>
> (1) certain security hooks (task_setscheduler, task_setioprio, and
> task_setnice) do capability set comparisions,
> (2) it is possible to drop capabilities from the bounding set,
> (3) it is possible to set per-task securelevels,
> (4) and it is possible to add any capability to your inheritable
> set if you have CAP_SETPCAP.
>
> Does anyone know of cases where CONFIG_SECURITY_FILE_CAPABILITIES=n
> is still perceived as useful?
As a library writer, I wished that the kernel behavior was either consistent,
or there is an API that I can use to find out what model we are operating
under. The biggest issue is that for a distribution we know the assumptions
the distribution should be running under. But end users are free to build
their own kernel that has it disabled. This has already lead to dbus not
working at all.
I also take issue with probing the capability version number returning EINVAL
when its the only way to find out what the preferred version is.
-Steve
next prev parent reply other threads:[~2009-11-10 15:28 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-10 14:07 drop SECURITY_FILE_CAPABILITIES? Serge E. Hallyn
2009-11-10 15:28 ` Steve Grubb [this message]
2009-11-10 15:53 ` Serge E. Hallyn
2009-11-10 17:51 ` Steve Grubb
2009-11-11 0:19 ` Serge E. Hallyn
2009-11-18 16:40 ` Andrew G. Morgan
2009-11-18 17:49 ` Steve Grubb
2009-11-18 18:36 ` Andrew G. Morgan
2009-11-18 19:33 ` Steve Grubb
2009-11-18 19:39 ` Andrew G. Morgan
2009-11-19 15:35 ` Andrew G. Morgan
2009-11-19 20:26 ` Steve Grubb
2009-11-10 17:23 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200911101028.10797.sgrubb@redhat.com \
--to=sgrubb@redhat.com \
--cc=agruen@suse.de \
--cc=gcwilson@us.ibm.com \
--cc=kees.cook@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox