From: Casey Schaufler <casey@schaufler-ca.com>
To: Christoph Lameter <cl@linux.com>, Andy Lutomirski <luto@amacapital.net>
Cc: Serge Hallyn <serge.hallyn@ubuntu.com>,
Serge Hallyn <serge.hallyn@canonical.com>,
Jonathan Corbet <corbet@lwn.net>,
Aaron Jones <aaronmdjones@gmail.com>, "Ted Ts'o" <tytso@mit.edu>,
LSM List <linux-security-module@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linuxfoundation.org>,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [capabilities] Allow normal inheritance for a configurable set of capabilities
Date: Tue, 03 Feb 2015 07:40:24 -0800
Message-ID: <54D0EBE8.8090203@schaufler-ca.com>
In-Reply-To: <alpine.DEB.2.11.1502030917300.6059@gentwo.org>
On 2/3/2015 7:17 AM, Christoph Lameter wrote:
> On Mon, 2 Feb 2015, Andy Lutomirski wrote:
>
>> None of this could address the problem here, though: if I hold a
>> capability and I want to pass that capability to an exec'd helper, I
>> shouldn't need the fs's help to do this.
> Amen!
>
That's completely consistent with the notion that if a binary has no
file capabilities (as opposed to a set that contains no capabilities)
the process capabilities are unchanged by exec(). If the binary does
have capabilities, however, it must always apply them. That should be
obvious. In your case, the helper would have no file capabilities, and
hence get whatever the invoker has. A program that should never run with
capabilities should have a file attribute stating such. Where it gets
sticky is the case where you want inheritance when invoked by one service
and no capabilities when invoked from another. If we live with the notion
that you have to choose, this is easy enough to solve.
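As an added illustration, not code from this thread or from the kernel, the C model below implements the exec-time capability transformation from capabilities(7) as it stood on kernels of this era (no ambient set, and the root/SECBIT_NOROOT special case left out), and beside it the rule the reply above describes: a binary with no security.capability xattr at all leaves the process sets untouched, while a present xattr, even one holding an empty set, is always applied. Under the stock rule a helper can only receive a capability through its own fI bit matched against the invoker's inheritable set, which is the filesystem involvement Andy objects to in the quoted text. Capability numbers match <linux/capability.h>; the service and helper scenarios are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One bit per capability number; values match <linux/capability.h>. */
typedef uint64_t capset_t;
#define CAP_BIT(n)           ((capset_t)1 << (n))
#define CAP_NET_BIND_SERVICE CAP_BIT(10)
#define CAP_NET_RAW          CAP_BIT(13)
#define CAP_ALL              (~(capset_t)0)

/* Process capability sets, as in capabilities(7). */
struct proc_caps {
    capset_t permitted, inheritable, effective, bounding;
};

/* File capabilities from the security.capability xattr.  'present' is the
 * distinction the mail draws: a binary with no xattr at all versus one whose
 * xattr holds an empty set. */
struct file_caps {
    bool present;
    capset_t permitted, inheritable;
    bool effective;           /* fE is a single flag in the xattr */
};

/* Stock kernel rule (capabilities(7), before the ambient set existed):
 *   P'(permitted)   = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding))
 *   P'(effective)   = F(effective) ? P'(permitted) : 0
 *   P'(inheritable) = P(inheritable)
 * A binary without the xattr is treated as if F were all-zero, so the
 * exec'd process keeps nothing in its permitted set. */
struct proc_caps exec_transform_stock(struct proc_caps p, struct file_caps f)
{
    struct file_caps fx = f.present ? f : (struct file_caps){0};
    struct proc_caps n;

    n.permitted   = (p.inheritable & fx.inheritable) | (fx.permitted & p.bounding);
    n.effective   = fx.effective ? n.permitted : 0;
    n.inheritable = p.inheritable;
    n.bounding    = p.bounding;
    return n;
}

/* The rule the mail argues for: no xattr at all means the sets pass through
 * exec unchanged; if an xattr exists, even an empty one, it is applied. */
struct proc_caps exec_transform_proposed(struct proc_caps p, struct file_caps f)
{
    return f.present ? exec_transform_stock(p, f) : p;
}

/* Constructed scenario: a service holding CAP_NET_BIND_SERVICE execs a helper.
 * 'service_no_inheritable' holds the same capability but never put it into
 * its inheritable set. */
static const struct proc_caps service = {
    .permitted   = CAP_NET_BIND_SERVICE,
    .inheritable = CAP_NET_BIND_SERVICE,
    .effective   = CAP_NET_BIND_SERVICE,
    .bounding    = CAP_ALL,
};
static const struct proc_caps service_no_inheritable = {
    .permitted   = CAP_NET_BIND_SERVICE,
    .effective   = CAP_NET_BIND_SERVICE,
    .bounding    = CAP_ALL,
};
static const struct file_caps helper_no_xattr    = { .present = false };
static const struct file_caps helper_empty_xattr = { .present = true };
static const struct file_caps helper_inherits    = {
    .present = true, .inheritable = CAP_NET_BIND_SERVICE, .effective = true,
};

/* Capabilities the helper ends up with in its permitted set under each rule. */
capset_t permitted_after_exec(bool proposed, struct proc_caps p, struct file_caps f)
{
    struct proc_caps n = proposed ? exec_transform_proposed(p, f)
                                  : exec_transform_stock(p, f);
    return n.permitted;
}

int main(void)
{
    const struct file_caps *cases[] = { &helper_no_xattr, &helper_empty_xattr, &helper_inherits };
    const char *names[] = { "no xattr", "empty xattr", "fI=NET_BIND,fE" };

    for (int i = 0; i < 3; i++)
        printf("%-16s stock pP'=%#llx  proposed pP'=%#llx\n", names[i],
               (unsigned long long)permitted_after_exec(false, service, *cases[i]),
               (unsigned long long)permitted_after_exec(true, service, *cases[i]));
    return 0;
}
```

The empty-xattr case is the "file attribute stating such" for a program that must never run with capabilities: both rules strip it. The no-xattr case is where the two rules part ways, and the service_no_inheritable case shows that even with the helper's fI bit set, the stock rule gives the helper nothing unless the invoker also carried the capability in its own inheritable set.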