From: Aaron Jones <aaronmdjones@gmail.com>
To: linux-kernel@vger.kernel.org
Subject: Re: File capabilities are not 'working' and I have no idea why
Date: Tue, 04 Feb 2014 19:18:41 +0000 [thread overview]
Message-ID: <52F13D11.8090009@gmail.com> (raw)
In-Reply-To: <52DE7557.3000500@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I have isolated the problem. File capabilities are not assigned when
the program being executed is located on a filesystem mounted with
the "nosuid" option.
This seems counter-intuitive; a fully capability-based system would
not use setuid binaries... so a logical thing to do would be to
prevent the setuid bits from doing anything, which is what the
nosuid flag is for, no?
Or am I missing something?
Can we get a config flag to toggle this behaviour?
Aaron Jones.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJS8T0RAAoJEG6FTA+q1M6knGgP/i6UattzXwpFM80Q32GelaTe
cu8JQLY/BCjN/vICit7VTyAFkxxy5sKxBZB/YYBRa9AlRiMR0MjPb2lhL0q1HJeW
1hl0/91/Mq7jDRC31y5UXCLv9P2iqoM4gZP4eh2b0xOXtZhOPstX24lIxTWIxQ/6
rDJkW6pht9x2NWZIlpuxW8qFpaTZ7iw9zAYEs8Jm/PyXaRi07vY2CJhk+WzdrUZq
+NKA9H5ZmaQlyyjBEHA5AEPm2xqxGz8PvI4UhKAzxTC2dBeGL26zYmIxXWsTnq5Z
reyM0vqGzqLPyYh02mUz+8f72UtYEogZQGdhlfyqEObcXM5FW7JyA+NWi7UIxVB4
qJaUX/h/CllIXapDklMpfxpWeM/0lI8vOnF6z+PFBhJFN7+2bEnmPHWvVPqYr3Uu
EhkOjHYT5GNX0s42jR6Y3etWNel+whISyDAYd203lewqFmAKapoDSJgY8+wYdq/Y
s6kiSMupkXcS1vC4qDAprpcXGOBjzSNL+iiwYKgzStuTXNEvRqn4eS955UwCI1/k
PzYbXMDUuqZbL8446IrSpYnmzwy3YJvNqFX5kpFdvmwk1j75oXkJ/09O+hN4L2bZ
45teFqvTw4FrZGltvKt52iZC8+gkuPnpY1nujSpLnQMM28zSn1TNYXScmaQinjVb
TjuUQDZ3NlE7XSZp20Jp
=LOIA
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2014-02-04 19:18 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-21 13:25 File capabilities are not 'working' and I have no idea why Aaron Jones
2014-01-26 16:22 ` Serge E. Hallyn
2014-01-26 16:28 ` Aaron Jones
2014-02-04 19:18 ` Aaron Jones [this message]
2014-02-06 21:30 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52F13D11.8090009@gmail.com \
--to=aaronmdjones@gmail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox