User: Password:
Subscribe / Log in / New account



Posted Nov 2, 2007 6:42 UTC (Fri) by njs (guest, #40338)
In reply to: Fixing CAP_SETPCAP by njs
Parent article: Fixing CAP_SETPCAP

Err... ObOnTopic: Building a system like I describe is much easier given the existence of
CAP_SYS_CHROOT.  (Though another option would be to eliminate the root dir entirely by
chrooting everything to a designated unreadable/unwriteable/empty directory, and just using
openat() etc all the time.  ...Too bad there's no execat().)

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds