From: "Serge E. Hallyn" <serue@us.ibm.com>
To: mtk.manpages@gmail.com
Cc: James Morris <jmorris@namei.org>,
lkml <linux-kernel@vger.kernel.org>,
SELinux <selinux@tycho.nsa.gov>,
linux-security-module@vger.kernel.org,
Stephen Smalley <sds@epoch.ncsc.mil>,
Kees Cook <kees.cook@canonical.com>,
Andrew Morgan <morgan@kernel.org>,
"Christopher J. PeBenito" <cpebenito@tresys.com>,
Eric Paris <eparis@parisplace.org>
Subject: Re: [PATCH] Define CAP_SYSLOG
Date: Sat, 13 Mar 2010 23:35:21 -0600 [thread overview]
Message-ID: <20100314053521.GA12410@us.ibm.com> (raw)
In-Reply-To: <cfd18e0f1003132118y21bd71band2d07ae85c8d4c9@mail.gmail.com>
Quoting Michael Kerrisk (mtk.manpages@googlemail.com):
> > There is one downside to this patch: If some site or distro currently
> > has syslogd/whatever running as a non-root user with cap_sys_admin+pe,
> > then it will need to be changed to run with cap_syslog+pe. I don't
> > know if there are such sites, or if that concern means we should take
> > a different approach to introducing this change, or simply refuse this
> > change.
>
> *If* this is a problem, would the way to address it not be to permit
> syslog if the caller has *either* CAP_SYS_ADMIN or CAP_SYSLOG? (The
> only weakness I see in this idea is that it fails to lighten the
> hugely overlaoded CAP_SYS_ADMIN.)
Which becomes a very big weakness because it won't allow a
container to be started with cap_sys_admin but not cap_syslog
in its capability bounding set.
So, if it is deemed a problem, then the alternative will be to
introduce a syslog namespace. Container setup can then create
a new syslog namespace, and can no longer read or clear the
host's syslog.
thanks,
-serge
next prev parent reply other threads:[~2010-03-14 5:35 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-12 20:55 [PATCH] Define CAP_SYSLOG Serge E. Hallyn
2010-03-14 5:18 ` Michael Kerrisk
2010-03-14 5:35 ` Serge E. Hallyn [this message]
2010-03-15 1:16 ` Matthew Helsley
2010-03-15 4:24 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100314053521.GA12410@us.ibm.com \
--to=serue@us.ibm.com \
--cc=cpebenito@tresys.com \
--cc=eparis@parisplace.org \
--cc=jmorris@namei.org \
--cc=kees.cook@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=sds@epoch.ncsc.mil \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox