On Mon, Jan 20, 2003 at 01:39:39AM +0100, Russell Coker wrote: > > What's the reason you can't just live with DAC for sysctls? > > What exactly do you mean by "live with DAC" in this context? If you mean > "allow UID==0 processes to do whatever they like" then it's not going to work > for any sort of chroot setup. This means check the unix file permissions / ACLs only overriden by CAP_FOWNER processes. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sun Jan 19 2003 - 16:44:16 PST