On Wed, 2009-11-11 at 11:32 -0500, Dave Jones wrote: > On Wed, Nov 11, 2009 at 09:52:02AM -0500, Adam Jackson wrote: > > On Tue, 2009-11-10 at 18:00 -0500, Dave Jones wrote: > > > On Wed, Nov 11, 2009 at 09:56:57AM +1100, James Morris wrote: > > > > How might this affect the Fedora kernel? > > > > > > We set it =y, so it wouldn't affect us if I understand correctly. > > > Also, I'm not sure that anything in userspace is actually using > > > this feature yet anyway. > > > > google codesearch to the rescue: > > > > http://google.com/codesearch?hl=en&sa=N&filter=0&q=prctl.*PR_CAPBSET_DROP > > afaik, that prctl is available regardless of the option being set. > I meant I don't think anything we ship is using the file capabilities, > which is a way of marking executable files with the caps they need > instead of having them be setuid. > > (I'm not even sure what tool we would use to set those capabilities, > or if we ship it) /usr/sbin/setcap from libcap But you are right, Fedora makes no use of file capabilities anywhere in the distro to my knowledge. -Eric _______________________________________________ Fedora-kernel-list mailing list Fedora-kernel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-kernel-list
