On Tue, 24 Feb 2015, Serge E. Hallyn wrote:

> The other way to look at it then is that it's basically as though the
> privileged task (which has CAP_SETFCAP) could've just added fI=full to
> all binaries on the filesystem; instead it's using the ambient set
> so that the risk from fI=full is contained to its own process tree.

The way that our internal patch works is to leave these things alone and
just check the ambient mask in the *capable*() functions. That way the
behavior of the existing cap bits does not change but the ambient caps
stay available. Apps have no surprises.

--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
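The two designs being contrasted in this message can be seen side by side in a small user-space model. The following is an added example, not code from the linux-api thread, from the internal patch mentioned above, or from the kernel. `exec_upstream()` applies the execve() transition rules that capabilities(7) documents for the ambient set as it was eventually merged (a file carrying a security.capability xattr is "privileged" and drops the ambient set; otherwise the ambient bits are folded into the new permitted and effective sets). `exec_internal()` is an assumed model of the approach the reply describes: the classic sets follow the pre-ambient rules unchanged, the ambient mask is simply carried across exec, and only `capable()` consults it. Whether that patch cleared the mask on a privileged exec is not stated in the thread, so the model does not. The capability numbers are the real Linux ones; the parent task, the two sample binaries and the helper names are constructed for the example.

```c
/* Added example: user-space model of capability transitions at execve()
 * with an ambient set. Not kernel code and not the patch from the thread. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t capset_t;

#define CAP_BIT(n) ((capset_t)1 << (n))
#define CAP_NET_BIND_SERVICE CAP_BIT(10)   /* real Linux capability numbers */
#define CAP_NET_RAW          CAP_BIT(13)

struct task_caps {
    capset_t permitted, effective, inheritable, ambient, bset;
};

struct file_caps {
    bool present;            /* file carries a security.capability xattr */
    capset_t permitted;      /* fP */
    capset_t inheritable;    /* fI */
    bool effective;          /* fE */
};

/* Rules from capabilities(7) for the merged ambient design:
 *   P'(ambient)   = privileged file ? 0 : P(ambient)
 *   P'(permitted) = (P(inh) & F(inh)) | (F(perm) & bset) | P'(ambient)
 *   P'(effective) = F(eff) ? P'(permitted) : P'(ambient)            */
struct task_caps exec_upstream(struct task_caps p, struct file_caps f)
{
    struct task_caps n = p;
    n.ambient   = f.present ? 0 : p.ambient;
    n.permitted = (p.inheritable & f.inheritable) | (f.permitted & p.bset) | n.ambient;
    n.effective = f.effective ? n.permitted : n.ambient;
    return n;
}

/* ASSUMED model of the "leave these things alone" approach from the reply:
 * pre-ambient rules for pP/pE, ambient carried across exec untouched. */
struct task_caps exec_internal(struct task_caps p, struct file_caps f)
{
    struct task_caps n = p;
    n.permitted = (p.inheritable & f.inheritable) | (f.permitted & p.bset);
    n.effective = f.effective ? n.permitted : 0;
    n.ambient   = p.ambient;           /* not folded into pP or pE */
    return n;
}

/* Classic capable(): only the effective set counts. */
bool capable_classic(const struct task_caps *t, capset_t c)
{
    return (t->effective & c) == c;
}

/* capable() as the reply describes it: the ambient mask is checked too. */
bool capable_with_ambient(const struct task_caps *t, capset_t c)
{
    return ((t->effective | t->ambient) & c) == c;
}

/* Constructed scenario: a parent that raised CAP_NET_BIND_SERVICE into its
 * ambient set (so it must also hold it in pP and pI) execs two binaries. */
static struct task_caps parent_task(void)
{
    struct task_caps p = {0};
    p.permitted = p.effective = CAP_NET_BIND_SERVICE | CAP_NET_RAW;
    p.inheritable = p.ambient = CAP_NET_BIND_SERVICE;
    p.bset = ~(capset_t)0;
    return p;
}

static struct file_caps plain_binary(void)          /* no file caps at all */
{
    struct file_caps f = {0};
    return f;
}

static struct file_caps privileged_binary(void)     /* fP = CAP_NET_RAW, fE set */
{
    struct file_caps f = { .present = true, .permitted = CAP_NET_RAW, .effective = true };
    return f;
}

struct task_caps after_plain_exec(bool upstream_model)
{
    return upstream_model ? exec_upstream(parent_task(), plain_binary())
                          : exec_internal(parent_task(), plain_binary());
}

struct task_caps after_privileged_exec(bool upstream_model)
{
    return upstream_model ? exec_upstream(parent_task(), privileged_binary())
                          : exec_internal(parent_task(), privileged_binary());
}

int main(void)
{
    struct task_caps u = after_plain_exec(true), i = after_plain_exec(false);
    printf("plain exec, upstream: pE=%#llx capable=%d\n",
           (unsigned long long)u.effective, capable_classic(&u, CAP_NET_BIND_SERVICE));
    printf("plain exec, internal: pE=%#llx classic=%d with_ambient=%d\n",
           (unsigned long long)i.effective, capable_classic(&i, CAP_NET_BIND_SERVICE),
           capable_with_ambient(&i, CAP_NET_BIND_SERVICE));
    return 0;
}
```

The plain-binary case shows the difference the reply is pointing at: with the merged design the ambient bit lands in pE, so anything that inspects the new image's capability bits (including the classic `capable()`) sees it; with the modelled internal approach pE stays empty and the bit is only reachable through the ambient-aware `capable()`. The privileged-binary case shows the other side of the trade: the merged rules drop the ambient set when the file carries capabilities, whereas a mask that is simply carried across exec would still answer `capable()` in the new image.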