Acked-by: Andrew G. Morgan <morgan@xxxxxxxxxx> I concur with Kees. Cheers Andrew On Mon, Mar 8, 2010 at 10:58 AM, Kees Cook <kees@xxxxxxxxxx> wrote: > Hi Serge, > > On Fri, Mar 05, 2010 at 02:56:07PM -0600, Serge E. Hallyn wrote: >> Privileged syslog operations currently require CAP_SYS_ADMIN. Split >> this off into a new CAP_SYSLOG privilege which we can sanely take away >> from a container through the capability bounding set. > > Seems like a good idea, but it'll require code changes in libcap2, > libcap-ng, as well as manpages. > > I support the idea -- more stuff needs to be extracted from CAP_SYS_ADMIN, > but this is a nice distinct subsystem to do now. > > Acked-By: Kees Cook <kees.cook@xxxxxxxxxxxxx> > > -- > Kees Cook > Ubuntu Security Team > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
