On Mon, 31 Jul 2017, Kees Cook wrote:

> On Mon, Jul 31, 2017 at 10:19 AM, Christopher Lameter <cl@xxxxxxxxx> wrote:
> > I saw that Morgan added ambient capabilities support in libpcap a while
> > ago.
> >
> > Could we also have support through /etc/security/capability.conf?
> >
> > Would like to have certain users with a set of ambient caps on login so
> > that close to hardware operations can be done restricted to a certain
> > user.
>
> That'd be pretty awesome! I know systemd is providing configs for
> ambient caps for services too.

systemd works if you configure the user from systemd and then equip it with ambient caps. But you cannot do this with sshd or some such thing because the ambient caps are lost when the userid changes.

If ambient caps would work in pam then I could get certain users the privileges they need to directly access hardware and networking and scheduling syscalls.

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list