[Devel] Re: [PATCH RFC] Define CAP_SYSLOG
Kees Cook
kees at ubuntu.com
Mon Mar 8 11:02:11 PST 2010
Hi Serge,
On Fri, Mar 05, 2010 at 02:56:07PM -0600, Serge E. Hallyn wrote:
> Privileged syslog operations currently require CAP_SYS_ADMIN. Split
> this off into a new CAP_SYSLOG privilege which we can sanely take away
> from a container through the capability bounding set.
Seems like a good idea, but it'll require code changes in libcap2,
libcap-ng, as well as manpages.
I support the idea -- more stuff needs to be extracted from CAP_SYS_ADMIN,
but this is a nice distinct subsystem to do now.
Acked-By: Kees Cook <kees.cook at canonical.com>
--
Kees Cook
Ubuntu Security Team
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list