From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 13 May 2004 - 16:12:54 BST
On Thu, May 13, 2004 at 11:01:10AM -0400, Gregory (Grisha) Trubetskoy wrote:
> Has there been any discussion of having a feature whereby a binary would
> be executed with higher capabilities automatically?
> Something like having a config file of some sort in the main server that
> lists a binary, its timestamp, size, an MD5/SHA hash and the capability.
> Whenever this binary would be invoked in a vserver it would automatically
> be given those capabilities, provided that the time/size/hash matches.
> Or is this somehow technically unfeasible?
suid binaries should automatically receive the
maximum allowed set of capabilities (which is
usually the upper bound of the vserver, and
cannot be exceeded for good reason)
looks to me like a 'I need CAP_NET_RAW for ping
to work', but maybe I'm wrong ...
Vserver mailing list