On Mon, Jul 7, 2014 at 1:20 PM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote: > Il 07/07/2014 12:29, David Drysdale ha scritto: >> Capsicum capabilities are associated with the file descriptor (a la >> F_GETFD), not the open file itself -- different FDs with different >> associated rights can map to the same underlying open file. > > > Good to know, thanks. I suppose you have testcases that cover this. > > Paolo Yeah, there's lots of tests at: https://github.com/google/capsicum-test (which is in a separate repo so it's easy to run against FreeBSD as well as the Linux code); in particular https://github.com/google/capsicum-test/blob/dev/capability-fd.cc has various interactions of capability FDs. -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
