|| ||Ismail =?iso-8859-1?q?D=F6nmez?= <email@example.com>|
|| ||Andrew Morton <firstname.lastname@example.org>|
|| ||Re: [PATCH] per-process securebits|
|| ||Sun, 3 Feb 2008 08:25:48 +0200|
|| ||"Andrew G. Morgan" <email@example.com>,
Linux Security Modules List
firstname.lastname@example.org, "Serge E. Hallyn" <email@example.com>|
At Sunday 03 February 2008 around 08:18:12 Andrew Morton wrote:
> So how do we ever get to the stage where we can recommend that distributors
> turn these things on, and have them agree with us?
FWIW with my distributor hat on I think File system capabilities are very nice
and enables one to ship a distribution with a small set of setuid binaries.
On the other hand for per-process securebits, it would be nice to see a
complete example how it could be applied to a setuid program. That would be a
nice step in moving forward.
Never learn by your mistakes, if you do you may never dare to try again.
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to firstname.lastname@example.org
More majordomo info at http://vger.kernel.org/majordomo-info.html