public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Serge Hallyn <serge.hallyn@canonical.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: "Andrew G. Morgan" <morgan@kernel.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Casey Schaufler <casey@schaufler-ca.com>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	Kees Cook <keescook@chromium.org>,
	James Morris <james.l.morris@oracle.com>,
	Eric Paris <eparis@redhat.com>,
	"Serge E. Hallyn" <serge@canonical.com>,
	Markku Savela <msa@moth.iki.fi>
Subject: Re: [RFC] Capabilities still can't be inherited by normal programs
Date: Mon, 10 Dec 2012 08:59:50 -0600	[thread overview]
Message-ID: <20121210145950.GC8137@sergelap> (raw)
In-Reply-To: <CALCETrXrX7V0uW1XQgUAoror1D1ymZL8_0PxjQRWEoSaXT+phg@mail.gmail.com>

Quoting Andy Lutomirski (luto@amacapital.net):
> It's especially bad because granting CAP_DAC_READ_SEARCH to user "foo"
> doesn't mean anything.  Is he authorized to back things up to
> encrypted storage?

We're talking about privileges at the kernel level here, and there is
no way this could be expressed at that level.

Higher level tools could/should certainly be exposing things at this
level.

BUT

You *are* doing a good job of making me feel that we should have
per-user fI xattrs or acls.  Sudo is popular because people like to say
"user joe can run foo with privilege".  Most people will never want to
be bothered to say "user joe can run foo with CAP_XYZ" (versus "as
root"), but I do think we could get programs/packages to do that.

Note that another difficulty here likes in the age-old, as yet
unanswered imo, question of "how do I easily figure out what caps I need
to run my program."  A few years ago I pointed to this (perhaps in
mostly private emails, don't recall) as something to be solved, but
the solution escapes me.

-serge

  parent reply	other threads:[~2012-12-10 15:00 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-12-02  3:04 [RFC] Capabilities still can't be inherited by normal programs Andy Lutomirski
2012-12-02 17:21 ` Andrew G. Morgan
2012-12-02 18:35   ` Andy Lutomirski
2012-12-02 22:26     ` Andrew G. Morgan
2012-12-02 23:04       ` Andy Lutomirski
2012-12-03  2:20         ` Andrew G. Morgan
2012-12-03  4:48           ` Andy Lutomirski
2012-12-04 13:54             ` Serge E. Hallyn
2012-12-05 19:32               ` Andy Lutomirski
2012-12-05 20:12                 ` Markku Savela
2012-12-05 21:05                 ` Serge Hallyn
2012-12-05 21:46                   ` Andy Lutomirski
2012-12-05 22:20                     ` Serge Hallyn
2012-12-07  0:57                       ` Casey Schaufler
2012-12-07 14:42                         ` Serge E. Hallyn
2012-12-07 17:00                           ` Casey Schaufler
2012-12-07 17:07                           ` Andrew G. Morgan
2012-12-07 18:39                             ` Andy Lutomirski
2012-12-08 22:33                               ` Andrew G. Morgan
2012-12-08 23:37                                 ` Andy Lutomirski
2012-12-08 23:57                                   ` Andy Lutomirski
2012-12-12 18:29                                     ` Andy Lutomirski
2012-12-12 18:45                                       ` Serge Hallyn
2012-12-19 13:14                                       ` Pádraig Brady
2012-12-10 14:59                                   ` Serge Hallyn [this message]
2012-12-10 15:47                                     ` Casey Schaufler
2012-12-10 16:27                                       ` Serge Hallyn
2012-12-10 18:12                                       ` Andy Lutomirski
2012-12-10 19:13                                         ` Casey Schaufler
2012-12-10 19:31                                           ` Andy Lutomirski
2012-12-10 19:51                                             ` Casey Schaufler
2012-12-10 19:55                                               ` Andy Lutomirski
2012-12-10 20:17                                                 ` Kees Cook
2012-12-10 18:05                                     ` Andy Lutomirski
2012-12-10 14:36                                 ` Serge Hallyn
     [not found]                           ` <CALQRfL6UWLFpTfvan9oirtLdozJqZX4oZwDuQFVnJp8MP06C_Q@mail.gmail.com>
2012-12-10 14:27                             ` Serge Hallyn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20121210145950.GC8137@sergelap \
    --to=serge.hallyn@canonical.com \
    --cc=casey@schaufler-ca.com \
    --cc=eparis@redhat.com \
    --cc=james.l.morris@oracle.com \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=morgan@kernel.org \
    --cc=msa@moth.iki.fi \
    --cc=serge@canonical.com \
    --cc=serge@hallyn.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox