[PATCH RFC] Define CAP_SYSLOG
Andrew G. Morgan
morgan at kernel.org
Wed Mar 10 17:19:19 PST 2010
Acked-by: Andrew G. Morgan <morgan at kernel.org>
I concur with Kees.
Cheers
Andrew
On Mon, Mar 8, 2010 at 10:58 AM, Kees Cook <kees at ubuntu.com> wrote:
> Hi Serge,
>
> On Fri, Mar 05, 2010 at 02:56:07PM -0600, Serge E. Hallyn wrote:
>> Privileged syslog operations currently require CAP_SYS_ADMIN. Split
>> this off into a new CAP_SYSLOG privilege which we can sanely take away
>> from a container through the capability bounding set.
>
> Seems like a good idea, but it'll require code changes in libcap2,
> libcap-ng, as well as manpages.
>
> I support the idea -- more stuff needs to be extracted from CAP_SYS_ADMIN,
> but this is a nice distinct subsystem to do now.
>
> Acked-By: Kees Cook <kees.cook at canonical.com>
>
> --
> Kees Cook
> Ubuntu Security Team
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
More information about the Containers
mailing list