On Wed, 2012-01-11 at 11:25 -0600, Will Drewry wrote:

> Filter programs may _only_ cross the execve(2) barrier if last filter
> program was attached by a task with CAP_SYS_ADMIN capabilities in its
> user namespace. Once a task-local filter program is attached from a
> process without privileges, execve will fail. This ensures that only
> privileged parent task can affect its privileged children (e.g., setuid
> binary).

This means that a non-privileged user cannot run another program with
limited features? How would a process exec another program and filter
it? I would assume that the filter would need to be attached first and
then the execv() would be performed. But after the filter is attached,
the execv is prevented?

Maybe I don't understand this correctly.

-- Steve