Re: [capabilities] Allow normal inheritance for a configurable set
of capabilities
[Posted February 10, 2015 by jake]
| From: |
| Markku Savela <msa-AT-moth.iki.fi> |
| To: |
| Andy Lutomirski <luto-AT-amacapital.net>, Christoph Lameter <cl-AT-linux.com> |
| Subject: |
| Re: [capabilities] Allow normal inheritance for a configurable set of capabilities |
| Date: |
| Wed, 04 Feb 2015 08:05:07 +0200 |
| Message-ID: |
| <54D1B693.7060806@moth.iki.fi> |
| Cc: |
| Casey Schaufler <casey-AT-schaufler-ca.com>, "Serge E. Hallyn" <serge-AT-hallyn.com>, Serge Hallyn <serge.hallyn-AT-ubuntu.com>, Serge Hallyn <serge.hallyn-AT-canonical.com>, Jonathan Corbet <corbet-AT-lwn.net>, Aaron Jones <aaronmdjones-AT-gmail.com>, Ted Ts'o <tytso-AT-mit.edu>, LSM List <linux-security-module-AT-vger.kernel.org>, "linux-kernel-AT-vger.kernel.org" <linux-kernel-AT-vger.kernel.org>, Andrew Morton <akpm-AT-linuxfoundation.org> |
| Archive‑link: | |
Article |
Just a note... We had inheritable capabilities in the linux of Nokia N9
phone.
If a program needed some capabilities, they had to be requested by the
manifest file inside the debian package. Of course, request is only
granted if the package origin had permission to grant them.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
