Re: [PATCH] add some long-missing capabilities to fs_mask 
[Posted April 15, 2009 by jake]

| From: | Valdis.Kletnieks-AT-vt.edu |
| To: | "Serge E. Hallyn" <serue-AT-us.ibm.com> |
| Subject: | Re: [PATCH] add some long-missing capabilities to fs_mask |
| Date: | Mon, 13 Apr 2009 17:03:28 -0400 |
| Message-ID: | <13502.1239656608@turing-police.cc.vt.edu> |
| Cc: | Linus Torvalds <torvalds-AT-linux-foundation.org>, mtk.manpages-AT-gmail.com, Stephen Smalley <sds-AT-epoch.ncsc.mil>, Andrew Morgan <morgan-AT-kernel.org>, linux-security-module-AT-vger.kernel.org, lkml <linux-kernel-AT-vger.kernel.org>, linux-nfs-AT-vger.kernel.org, Igor Zhbanov <izh1979-AT-gmail.com>, "J. Bruce Fields" <bfields-AT-citi.umich.edu>, stable-AT-kernel.org, linux-api-AT-vger.kernel.org, Chris Wright <chrisw-AT-sous-sol.org> |

On Mon, 13 Apr 2009 09:56:14 CDT, "Serge E. Hallyn" said:

> When POSIX capabilities were introduced during the 2.1 Linux
> cycle, the fs mask, which represents the capabilities which having
> fsuid==0 is supposed to grant, did not include CAP_MKNOD and
> CAP_LINUX_IMMUTABLE.  However, before capabilities the privilege
> to call these did in fact depend upon fsuid==0.

Wow. How did this manage to stay un-noticed for this long?