[Devel] Re: [PATCH RFC] Define CAP_SYSLOG
Serge E. Hallyn
serue at us.ibm.com
Fri Mar 12 07:02:47 PST 2010
Thanks, guys - I also need to update the selinux classmap in both
kernel and policy. Hoping to get around to that this afternoon,
but not sure.
-serge
Quoting Andrew G. Morgan (morgan at kernel.org):
> Acked-by: Andrew G. Morgan <morgan at kernel.org>
>
> I concur with Kees.
>
> Cheers
>
> Andrew
>
> On Mon, Mar 8, 2010 at 10:58 AM, Kees Cook <kees at ubuntu.com> wrote:
> > Hi Serge,
> >
> > On Fri, Mar 05, 2010 at 02:56:07PM -0600, Serge E. Hallyn wrote:
> >> Privileged syslog operations currently require CAP_SYS_ADMIN. Split
> >> this off into a new CAP_SYSLOG privilege which we can sanely take away
> >> from a container through the capability bounding set.
> >
> > Seems like a good idea, but it'll require code changes in libcap2,
> > libcap-ng, as well as manpages.
> >
> > I support the idea -- more stuff needs to be extracted from CAP_SYS_ADMIN,
> > but this is a nice distinct subsystem to do now.
> >
> > Acked-By: Kees Cook <kees.cook at canonical.com>
> >
> > --
> > Kees Cook
> > Ubuntu Security Team
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> > the body of a message to majordomo at vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list