[PATCH] 2.6.13: Filesystem capabilities 0.16

[PATCH] 2.6.13: Filesystem capabilities 0.16

[Olaf Dietsche]

This patch implements filesystem capabilities. It allows to run
privileged executables without the need for suid root.

Changes:
- updated to 2.6.13

This patch is available at:
<http://www.olafdietsche.de/linux/capability/>

Regards, Olaf.

Re: [PATCH] 2.6.13: Filesystem capabilities 0.16

[Nix]

On 1 Sep 2005, Olaf Dietsche murmured woefully:
> This patch implements filesystem capabilities. It allows to run
> privileged executables without the need for suid root.

Is there some reason why this doesn't keep its capability data in
xattrs?

-- 
`... published last year in a limited edition... In one of the
 great tragedies of publishing, it was not a limited enough edition
 and so I have read it.' --- James Nicoll

Re: [PATCH] 2.6.13: Filesystem capabilities 0.16

[serue]

Or, has there been any communication between yourself and
Nicholas Hans Simmonds, who posted his xattr-based fscaps
patch in july (first posting july 2)?

thanks,
-serge

Quoting Nix (nix@esperi.org.uk):
> On 1 Sep 2005, Olaf Dietsche murmured woefully:
> > This patch implements filesystem capabilities. It allows to run
> > privileged executables without the need for suid root.
> 
> Is there some reason why this doesn't keep its capability data in
> xattrs?
> 
> -- 
> `... published last year in a limited edition... In one of the
>  great tragedies of publishing, it was not a limited enough edition
>  and so I have read it.' --- James Nicoll
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 
> 

Re: [PATCH] 2.6.13: Filesystem capabilities 0.16

[Olaf Dietsche]

Nix <nix@esperi.org.uk> writes:

> On 1 Sep 2005, Olaf Dietsche murmured woefully:
>> This patch implements filesystem capabilities. It allows to run
>> privileged executables without the need for suid root.
>
> Is there some reason why this doesn't keep its capability data in
> xattrs?

When I started fscaps, xattr were new to me and I didn't understand
how to use them. So, I went and made a small and independent patch.

If you're interested in an xattr based approach, you may look at
<http://www.kernel.org/pub/linux/libs/security/linux-privs/>, which is
very old or at <http://www.stanford.edu/~luto/linux-fscap/>, which is
a more recent implementation.

As serge pointed out, there's a third from Nicholas Hans Simmonds.

Regards, Olaf.

Re: [PATCH] 2.6.13: Filesystem capabilities 0.16

[Olaf Dietsche]

serue@us.ibm.com writes:

> Or, has there been any communication between yourself and
> Nicholas Hans Simmonds, who posted his xattr-based fscaps
> patch in july (first posting july 2)?

Short answer: no. I'm just keeping this patch up to date for myself
and those interested (if any ;-).

Regards, Olaf.