On 04/29/2011 11:36 AM, Greg KH wrote:
On Fri, Apr 29, 2011 at 08:38:44AM +0200, Marcus Meissner wrote:
On Thu, Apr 28, 2011 at 07:40:08PM -0400, Jeff Mahoney wrote:
On 04/28/2011 02:50 PM, Brandon Philips wrote:
On 13:35 Thu 28 Apr 2011, Jeff Mahoney wrote:
- patches.suse/file-capabilities-disable-by-default.diff [never submitted]
We should drop it. Upstream has had file caps by default since Nov 2009.
Upstream commits: b3a222e52e4d4be77cc4520a57af1a4a0d8222d1 1f29fae29709b4668979e244c09b2fa78ff1ad59
In doing a zypper dup today, I saw that something is looking at /proc/cmdline for "file_caps" as part of SuSEconfig running. We should probably figure out what that is.
The SuSEconfig permissions module, it decides on whether to handle file caps setting or not depending on the kernel.
Ludwig has wanted a patch to detect this in the mainline kernel for years, but it is not there yet.
Can you please take care that such a method is exposed by mainline? (file_caps might be disabled or enabled, we should handle both cases and detect it from the kernel.)
The patch doing this in the kernel is queued up to be accepted for the .40 kernel release, so perhaps I should also add it to our tree now so that FACTORY can be converted over to using it and this can be dropped?
If so, just let me know and I will go add it as it is in my upstream kernel tree already.
And it was my fault that it took so long to get accepted for the past 6+ months, sorry, it got lost in my patch queue :(
Just noticed I did "reply list" instead of "reply all" for my original reply to this. Here we go again, with a more fleshed out attachment.

This has now become interesting, it seems. I just noticed that /bin/ping has capabilities set and is no longer suid root on two of my factory machines. Consequently, it's not working unless I boot with file_caps on the command line.

Attached is a program that will report whether the kernel is honoring file capabilities on the file system where the program is located. It should be run as root. It will set the CAP_NET_RAW capability on itself, drop privileges, and fork/exec itself to compare how the capabilities have changed. Root will always return with all capabilities set, but the user's capability set will change based on the file capabilities.

-Jeff

--
Jeff Mahoney
SUSE Labs
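The attachment is not reproduced on this page. The sketch below is an added example, not the program from the message: it performs the same kind of check, but instead of re-executing itself it tags a copy of `cat` with CAP_NET_RAW and runs that copy unprivileged. `UNPRIV_ID` and the helper function names are assumptions made for the example.

```python
"""Report whether the kernel honors file capabilities (run as root)."""
import os, shutil, struct, subprocess, sys, tempfile

CAP_NET_RAW = 13                 # bit number from <linux/capability.h>
VFS_CAP_REVISION_2 = 0x02000000  # version tag of the security.capability xattr
VFS_CAP_FLAGS_EFFECTIVE = 0x1    # raise the permitted caps to effective on exec
UNPRIV_ID = 65534                # assumption: uid/gid of "nobody" on this host

def build_xattr(cap):
    """Encode `cap` as a permitted+effective file capability (v2 layout)."""
    lo, hi = (1 << cap) & 0xFFFFFFFF, (1 << cap) >> 32
    # little-endian: magic_etc, then (permitted, inheritable) low and high words
    return struct.pack("<5I", VFS_CAP_REVISION_2 | VFS_CAP_FLAGS_EFFECTIVE,
                       lo, 0, hi, 0)

def has_cap(status_text, cap, field="CapEff"):
    """True if bit `cap` is set in `field` of /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith(field + ":"):
            return bool((int(line.split()[1], 16) >> cap) & 1)
    raise ValueError(field + " not found")

def drop_privileges():
    os.setgroups([])
    os.setgid(UNPRIV_ID)
    os.setuid(UNPRIV_ID)

def probe(directory=None):
    """Tag a copy of cat with CAP_NET_RAW, run it unprivileged, read CapEff.

    The result applies to the filesystem holding `directory` (default: the
    temp dir); a nosuid mount makes the kernel ignore file capabilities there.
    """
    with tempfile.TemporaryDirectory(dir=directory) as d:
        os.chmod(d, 0o755)                      # let the unprivileged user in
        helper = shutil.copy(shutil.which("cat"), os.path.join(d, "cat"))
        os.chmod(helper, 0o755)
        os.setxattr(helper, "security.capability", build_xattr(CAP_NET_RAW))
        out = subprocess.run([helper, "/proc/self/status"], check=True,
                             preexec_fn=drop_privileges,
                             capture_output=True, text=True).stdout
    return has_cap(out, CAP_NET_RAW)

if __name__ == "__main__":
    if os.geteuid() != 0:
        sys.exit("must run as root to set security.capability")
    print("file capabilities honored:", probe())
```

Pass `probe()` a directory on the filesystem that holds the binary in question (for example the one containing /bin/ping) to test that filesystem rather than the temp directory.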