Re: [RFC][PATCH] Add LSM sysctl hook to 2.5.59

From: Christoph Hellwig (hchat_private)
Date: Sun Jan 19 2003 - 16:43:20 PST

  • Next message: Russell Coker: "Re: [RFC][PATCH] Add LSM sysctl hook to 2.5.59"

    On Mon, Jan 20, 2003 at 01:39:39AM +0100, Russell Coker wrote:
    > > What's the reason you can't just live with DAC for sysctls?
    > What exactly do you mean by "live with DAC" in this context?  If you mean 
    > "allow UID==0 processes to do whatever they like" then it's not going to work 
    > for any sort of chroot setup.
    This means check the unix file permissions / ACLs only overriden by
    CAP_FOWNER processes.
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Sun Jan 19 2003 - 16:44:16 PST