On Mon, 28 Dec 2009 23:20:50 -0600 "Serge E. Hallyn" <serue@xxxxxxxxxx> wrote: > Quoting Serge E. Hallyn (serue@xxxxxxxxxx): > > Quoting Mike Kazantsev (mk.fraggod@xxxxxxxxx): > > > CAP_DAC_READ_SEARCH seem to be well-suited and sufficient for the > > > task, according to docs: > > > > > > Bypass file read permission checks and directory read and > > > execute permission checks. > > > > > > > > > I can see it bypassing directory checks, but it fails to bypass > > > file permission check. > > Egads, I'm sorry, Mike. I was sure that if there was any problem it > would be in the exec_permission_lite path, that I had only checked DAC > perms on the path. In fact, it's the DAC perms on the actual file > which are the problem. I can reproduce your problem, and the > following patch fixes it. Please confirm. > Indeed it works for both 2.6.32.2 and 2.6.33-rc2, thank you. -- Mike Kazantsev // fraggod.net -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
