| From: |
| Ismail =?iso-8859-1?q?D=F6nmez?= <ismail@pardus.org.tr> |
| To: |
| Andrew Morton <akpm@linux-foundation.org> |
| Subject: |
| Re: [PATCH] per-process securebits |
| Date: |
| Sun, 3 Feb 2008 08:25:48 +0200 |
| Message-ID: |
| <200802030825.49221.ismail@pardus.org.tr> |
| Cc: |
| "Andrew G. Morgan" <morgan@kernel.org>,
Linux Security Modules List
<linux-security-module@vger.kernel.org>,
linux-kernel@vger.kernel.org, "Serge E. Hallyn" <serue@us.ibm.com> |
| Archive-link: |
| Article,
Thread
|
At Sunday 03 February 2008 around 08:18:12 Andrew Morton wrote:
> So how do we ever get to the stage where we can recommend that distributors
> turn these things on, and have them agree with us?
FWIW with my distributor hat on I think File system capabilities are very nice
and enables one to ship a distribution with a small set of setuid binaries.
On the other hand for per-process securebits, it would be nice to see a
complete example how it could be applied to a setuid program. That would be a
nice step in moving forward.
Regards,
ismail
--
Never learn by your mistakes, if you do you may never dare to try again.
-
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
