[redhat-lspp] New pam src rpm with namespace
Stephen Smalley
sds at tycho.nsa.gov
Thu Feb 16 15:48:29 UTC 2006
On Thu, 2006-02-16 at 10:29 -0500, JANAK DESAI wrote:
> Yes, it does. It follows what clone(CLONE_NEWNS) requires.
Ok. Not sure how to avoid requiring CAP_SYS_ADMIN for sshd then, unless
we do create a new capability (using the last available bit) and start
using it for all namespace-related operations, replacing CAP_SYS_ADMIN
usage there.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list