Re: Linux Capabilities runtime detection

From: Chris Wright (chrisw@private)
Date: Thu Apr 22 2004 - 19:05:56 PDT

Next message: hotnews: "$B!y13!&56$j$N$J$$:_Bp%o!<%/(B$BA[A|$H0c$$C/$b$,$S$C$/$j!*(B)$B!y("

Previous message: michele@private: "Linux Capabilities runtime detection"
In reply to: michele@private: "Linux Capabilities runtime detection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* michele@private (michele@private) wrote:
> Upgrading one of my machines to 2.6.5 and with the linux capabilities
> compiled as a module (CONFIG_SECURITY_CAPABILITIES=m), I stumbled upon
> the fact that a stock bind9 (9.2.3) debian sid package (hence with support for
> linux capabilities) won't start anymore if the module "capability" is 
> not loaded. [1]
> 
> So I was wondering if the kernel does in some way (through /proc, /sys, or some
> other way) export the knowledge of having the "capability"
> functionalities (as a module or statically-compiled-in) available.
> I assume checking for a failed capset call is not the only way to get
> this information, am I right or did I miss something obvious?

No, that's the only mechanism.  Patches are welcome.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

Next message: hotnews: "$B!y13!&56$j$N$J$$:_Bp%o!<%/(B$BA[A|$H0c$$C/$b$,$S$C$/$j!*(B)$B!y("
Previous message: michele@private: "Linux Capabilities runtime detection"
In reply to: michele@private: "Linux Capabilities runtime detection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 22 2004 - 19:06:46 PDT