Re: Fedora 11: moving to posix file capabilities?
- From: Dax Kelson <dkelson gurulabs com>
- To: Development discussions related to Fedora <fedora-devel-list redhat com>
- Cc:
- Subject: Re: Fedora 11: moving to posix file capabilities?
- Date: Sat, 01 Nov 2008 01:09:13 -0600
On Wed, 2008-10-29 at 15:02 -0400, Steve Grubb wrote:
> We tried to support this in F-10 by having a test run with ping. We figured
> that is a simple well defined app that could be used as a test subject. We
> opened bz 455713 to document the change over. Turns out that people compile
> their own kernels and do not necessarily turn this on. So, what do we do in
> that case?
I thought more about this.

How about a check in rc.sysinit to see if the kernel supports
capabilities?

If the check fails it could do either or both of the following:

1. Display and log nasty warning message
2. Run the command: chmod u+s `cat /etc/posixcapbinaries`

Doing 2. would be the "friendly" thing to give the user a non-broken
system. It does make it a bit more complicated because you'd want some
logic that if they booted back to a kernel with posix capabilities you
stripped the suid bits. Also, rpm verify will complain.
Dax Kelson
Guru Labs
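
Added example, not part of the message above and not an actual Fedora script: a sketch of the proposed rc.sysinit fallback that sets the setuid bit when file capabilities are unavailable and strips it again when they are. The function name, the one-path-per-line list format and the yes/no argument are assumptions; the message does not say how the kernel check would be done, so its result is passed in by the caller.

```sh
#!/bin/sh
# Assumption: the list holds one absolute path per line ('#' starts a comment).
CAPLIST=${CAPLIST:-/etc/posixcapbinaries}   # path taken from the message

# sync_suid_fallback yes|no [listfile]   (hypothetical helper)
#   no  -> warn, log, and set the setuid bit on every listed binary
#   yes -> strip setuid bits left behind by an earlier fallback boot;
#          this assumes listed binaries are never setuid for another reason
# Returns 0 if every listed path was handled, 1 otherwise.
sync_suid_fallback() {
    filecaps=$1
    list=${2:-$CAPLIST}
    rc=0
    [ -r "$list" ] || { echo "suid-fallback: cannot read $list" >&2; return 1; }
    if [ "$filecaps" = no ]; then
        msg="kernel lacks file capabilities; falling back to setuid"
        echo "WARNING: $msg" >&2
        logger -t suid-fallback "$msg" 2>/dev/null || :
    fi
    # Read line by line instead of `cat`, so odd file names are not word-split.
    while IFS= read -r bin || [ -n "$bin" ]; do
        case $bin in
            ''|'#'*) continue ;;            # skip blank lines and comments
            /*) ;;                          # absolute paths only
            *) echo "suid-fallback: relative path skipped: $bin" >&2
               rc=1; continue ;;
        esac
        # Regular files only, never symlinks: chmod follows links.
        if [ ! -f "$bin" ] || [ -L "$bin" ]; then
            echo "suid-fallback: skipping $bin" >&2
            rc=1; continue
        fi
        if [ "$filecaps" = no ]; then
            chmod u+s "$bin" || rc=1
        elif [ -u "$bin" ]; then
            chmod u-s "$bin" || rc=1
        fi
    done < "$list"
    return $rc
}
```

Either direction changes file modes behind the package manager's back, so the verification complaint mentioned in the message applies to whichever state differs from the packaged one.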