Fedora 11: moving to posix file capabilities?
Steve Grubb
sgrubb at redhat.com
Sat Nov 1 14:14:22 UTC 2008
On Friday 31 October 2008 21:41:50 Chris Adams wrote:
> Would it be possible to implement capabilities in a backwards compatible
> fashion? For example, still have e.g. /bin/ping setuid-root, but also
> have capabilities assigned, and have the capabilities override
> setuid-root (if capabilities are assigned the setuid/setgid bits are
> ignored).
This is an interesting idea. I haven't tested to see which one overrides, but
I think this would be a good backwards compatible solution. Might take a
kernel patch to fix, but worth looking into.
Thanks,
-Steve
More information about the fedora-devel-list
mailing list