Hi Serge, On Fri, Mar 05, 2010 at 02:56:07PM -0600, Serge E. Hallyn wrote: > Privileged syslog operations currently require CAP_SYS_ADMIN. Split > this off into a new CAP_SYSLOG privilege which we can sanely take away > from a container through the capability bounding set. Seems like a good idea, but it'll require code changes in libcap2, libcap-ng, as well as manpages. I support the idea -- more stuff needs to be extracted from CAP_SYS_ADMIN, but this is a nice distinct subsystem to do now. Acked-By: Kees Cook <kees.cook@xxxxxxxxxxxxx> -- Kees Cook Ubuntu Security Team _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
