On Tue, May 19, 2015 at 1:03 PM, Christoph Lameter <cl@xxxxxxxxx> wrote:
> On Tue, 19 May 2015, Andy Lutomirski wrote:
>
>> On May 19, 2015 8:37 AM, "Christoph Lameter" <cl@xxxxxxxxx> wrote:
>> >
>> > On Mon, 18 May 2015, Andy Lutomirski wrote:
>> >
>> > > > Could you provide an example to demonstrate how it is to be used?
>> > > > Something similar to what I had in my patch?
>> > > >
>> > >
>> > > Do you mean something like:
>> > >
>> > > setpriv --ambient-caps=+net_bind_service --inh-caps=+net_bind_service
>> > > --euid=500 --ruid=500 bash
>> >
>> > Ok that means we also depend on a tool upgrade.
>> >
>>
>> I think this is unavoidable, unless we want to change the semantics of
>> inheritable caps, and that would open a giant can of worms.
>
> Ok then include a patch and references to that material. Or did I just not
> see that?
>

It's in the cover letter, rather vaguely.

I think I want to change the setpriv syntax a bit before sending it
upstream, though -- it sucks that you have to duplicate the option.
Perhaps the ambient-caps option should implicitly raise inheritable
caps if they're not already raised. Or maybe the absence of an
inh-caps rule should cause any requested ambient caps to be made
inheritable as well.

--Andy
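
Added example, not part of the thread and not setpriv or kernel code: a small C model of why the setpriv command above names net_bind_service twice. It follows the ambient-capability rules as documented in capabilities(7); the struct, the function names and the starting state are assumptions made for illustration, and ambient_raise_implicit is a hypothetical rendering of the "implicitly raise inheritable" idea in the message.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the rules in capabilities(7); not kernel code.
 * Ignores the bounding set, CAP_SETPCAP and securebits. */
#define CAP_NET_BIND_SERVICE 10            /* from <linux/capability.h> */
#define BIT(c) (UINT64_C(1) << (c))

struct caps { uint64_t permitted, inheritable, effective, ambient; };

/* capset(): an inheritable bit may be added if it is already permitted. */
int inheritable_raise(struct caps *c, int cap)
{
    if (!(c->permitted & BIT(cap))) return -1;
    c->inheritable |= BIT(cap);
    return 0;
}

/* PR_CAP_AMBIENT_RAISE: refused (EPERM) unless the capability is in both
 * the permitted and the inheritable set. */
int ambient_raise(struct caps *c, int cap)
{
    if (!(c->permitted & c->inheritable & BIT(cap))) return -1;
    c->ambient |= BIT(cap);
    return 0;
}

/* Hypothetical: the "implicitly raise inheritable" idea from the message. */
int ambient_raise_implicit(struct caps *c, int cap)
{
    return inheritable_raise(c, cap) ? -1 : ambient_raise(c, cap);
}

/* execve() by a non-root user of a file with no file capabilities and no
 * set-ID bits: permitted' = effective' = ambient, inheritable is kept. */
struct caps exec_plain_file(struct caps c)
{
    struct caps n = { c.ambient, c.inheritable, c.ambient, c.ambient };
    return n;
}

int main(void)
{
    /* Constructed starting state: the capability is permitted and effective only. */
    struct caps p = { BIT(CAP_NET_BIND_SERVICE), 0, BIT(CAP_NET_BIND_SERVICE), 0 };
    printf("ambient only: %d\n", ambient_raise(&p, CAP_NET_BIND_SERVICE));
    printf("implicit:     %d\n", ambient_raise_implicit(&p, CAP_NET_BIND_SERVICE));
    printf("after exec:   %#llx\n", (unsigned long long)exec_plain_file(p).effective);
    return 0;
}
```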