> Generally, though there'd need to be an option to emulate, say, setgid
> mail.
Look at sucap and execcap available with libcap. Combine them and you
get a capability wrapper.
> On Sat, Nov 02, 2002 at 09:00:38PM -0700, Dax Kelson wrote:
>
>> Currently all capabilities are cleared when non-root app does a execp.
>> This would need to be addressed.
>
> Hrmm. I thought the inherit mask dealt with that.
You need the inherit set of the parent process _and_ the inherit set
of the binary to agree. For the latter you need some sort of fs
capabilities.
Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/