Mailinglist Archive: opensuse (1165 mails)

< Previous Next >
[opensuse] Re: Should openSUSE review it's Security Policies?
  • From: Jim Henderson <hendersj@xxxxxxxxx>
  • Date: Thu, 1 Mar 2012 19:53:51 +0000 (UTC)
  • Message-id: <jiok4f$aj1$2@dough.gmane.org>
On Thu, 01 Mar 2012 14:52:43 +0100, Per Jessen wrote:

Well, maybe start with "man capabilities". I think that is where I saw
CAP_NET_BROADCAST mentioned. I have never played with any of this, but
my understanding is that you can manage various capabilities on a
per-process or per-user basis. I'm grasping at straws, but I'm sure
somebody here will have an actual understanding of this.

From what I understand, kernel capabilities are disabled selectively -
you start a program as root and it has access to everything, and then the
program (perhaps also an external process can do this - that I don't
know) disables what the program shouldn't be allowed to do.

Jim

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups