|| ||Ismail =?iso-8859-1?q?D=F6nmez?= <firstname.lastname@example.org>|
|| ||Andrew Morton <email@example.com>|
|| ||Re: [PATCH] per-process securebits|
|| ||Sun, 3 Feb 2008 08:25:48 +0200|
|| ||"Andrew G. Morgan" <firstname.lastname@example.org>,
Linux Security Modules List
email@example.com, "Serge E. Hallyn" <firstname.lastname@example.org>|
At Sunday 03 February 2008 around 08:18:12 Andrew Morton wrote:
> So how do we ever get to the stage where we can recommend that distributors
> turn these things on, and have them agree with us?
FWIW with my distributor hat on I think File system capabilities are very nice
and enables one to ship a distribution with a small set of setuid binaries.
On the other hand for per-process securebits, it would be nice to see a
complete example how it could be applied to a setuid program. That would be a
nice step in moving forward.
Never learn by your mistakes, if you do you may never dare to try again.
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to email@example.com
More majordomo info at http://vger.kernel.org/majordomo-info.html