
From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 13 May 2004 - 16:12:54 BST


On Thu, May 13, 2004 at 11:01:10AM -0400, Gregory (Grisha) Trubetskoy wrote:
>
> Has there been any discussion of having a feature whereby a binary would
> be executed with higher capabilities automatically?
>
> Something like having a config file of some sort in the main server that
> lists a binary, its timestamp, size, an MD5/SHA hash and the capability.
> Whenever this binary would be invoked in a vserver it would automatically
> be given those capabilities, provided that the time/size/hash matches.
>
> Or is this somehow technically unfeasible?

suid binaries should automatically receive the
maximum allowed set of capabilities (which is
usually the upper bound of the vserver, and
cannot be exceeded for good reason)

looks to me like an 'I need CAP_NET_RAW for ping
to work', but maybe I'm wrong ...

best,
Herbert

> Grisha
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
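
An added illustration, not part of the original message or of the vserver code: a small C check of the rule in the reply above, that a setuid-root binary is granted no capability outside the context's upper bound. It assumes the bound is available as a `CapBnd` line in `/proc/<pid>/status`-style text, as on current Linux kernels; the sample text and all function names are constructed for this example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_RAW 13 /* bit number from <linux/capability.h> */

/* Constructed samples in /proc/<pid>/status style; not taken from a real system. */
static const char SAMPLE_FULL[]   = "Name:\tping\nCapEff:\t0000000000000000\nCapBnd:\t0000003fffffffff\n";
static const char SAMPLE_NO_RAW[] = "Name:\tping\nCapEff:\t0000000000000000\nCapBnd:\t0000003fffffdfff\n";

/* Find "<field>:" at the start of a line and parse its hex mask.
   Returns 0 on success, -1 if the field is missing or has no hex value. */
static int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            const char *val = line + flen + 1;
            while (*val == ' ' || *val == '\t') val++;
            if (!isxdigit((unsigned char)*val)) return -1;
            *mask = strtoull(val, NULL, 16);
            return 0;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* Capabilities a binary ends up with when it asks for `wanted`:
   nothing outside the bound is granted. A setuid-root binary asks for all. */
static uint64_t granted_caps(uint64_t wanted, uint64_t bound) { return wanted & bound; }

/* 1 if a setuid-root binary would hold `cap`, 0 if the bound strips it, -1 on parse error. */
static int suid_root_gets(const char *status, int cap)
{
    uint64_t bound;
    if (parse_cap_field(status, "CapBnd", &bound) != 0) return -1;
    return (int)((granted_caps(~(uint64_t)0, bound) >> cap) & 1);
}

int main(void)
{
    printf("full bound:    CAP_NET_RAW=%d\n", suid_root_gets(SAMPLE_FULL, CAP_NET_RAW));
    printf("reduced bound: CAP_NET_RAW=%d\n", suid_root_gets(SAMPLE_NO_RAW, CAP_NET_RAW));
    return 0;
}
```

With the second sample the bound lacks bit 13, so a setuid-root ping would still be denied raw sockets, which is the situation the reply guesses at.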


Generated on Thu 13 May 2004 - 16:13:09 BST by hypermail 2.1.3