Is there any chance for a new version of compartment to come out?
Hi there! I'd really like to make use of the Linux Capabilities, but unfortunately the tool compartment isn't developed any further ... the documentation of version 1.1 says that some special call would be added when the 2.4 kernel came out... well, I think 2.4 is out. I've also already spammed the author... nothing happened :-(

Isn't there anyone else interested in the capabilities? Don't the capabilities work properly? What is the reason why no new compartment version comes out? Are there any other tools as a compartment replacement?

Peter Asemann
Well, I'm using it with SuSE 7.2, Kernel 2.4.16-4GB, and I got it up and running for bind8, squid2 and jftpgw (I can't say it is really doing its job - has anybody a good idea how to test it?)
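One way to check what the message above asks about, as an added example that is not part of the thread or of compartment: read the `Uid`, `CapInh`, `CapPrm` and `CapEff` lines from `/proc/<pid>/status` of the confined daemon and compare the decoded sets with the capabilities it was meant to keep. It assumes a kernel that exposes those lines; the allowed set and both sample status texts are constructed for illustration.

```python
import re, sys

# Bit numbers from <linux/capability.h>; unknown bits decode as "bitN".
CAP_NAMES = """CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER
CAP_FSETID CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE
CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK
CAP_IPC_OWNER CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE
CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE CAP_SYS_RESOURCE
CAP_SYS_TIME CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE""".split()

def decode(mask):
    """Turn a capability bitmask into a set of capability names."""
    return {CAP_NAMES[b] if b < len(CAP_NAMES) else "bit%d" % b
            for b in range(mask.bit_length()) if mask >> b & 1}

def parse_status(text):
    """Extract the effective uid and the three capability sets."""
    st = {}
    for line in text.splitlines():
        m = re.match(r"(Uid|CapInh|CapPrm|CapEff):\s*(.+)", line)
        if not m:
            continue
        key, val = m.groups()
        if key == "Uid":
            st["euid"] = int(val.split()[1])  # fields: real, effective, saved, fs
        else:
            st[key] = decode(int(val.strip(), 16))
    return st

def audit(text, allowed):
    """Report capabilities held beyond `allowed` and allowed ones not effective."""
    st = parse_status(text)
    held = st["CapEff"] | st["CapPrm"] | st["CapInh"]
    return {"euid": st["euid"],
            "unexpected": sorted(held - set(allowed)),
            "missing": sorted(set(allowed) - st["CapEff"])}

# Constructed policy and status samples (not taken from a real system).
ALLOWED = {"CAP_NET_BIND_SERVICE", "CAP_SETUID", "CAP_SETGID", "CAP_SYS_CHROOT"}
RESTRICTED = ("Name:\tnamed\nUid:\t0\t0\t0\t0\n"
              "CapInh:\t00000000\nCapPrm:\t000404c0\nCapEff:\t000404c0\n")
UNRESTRICTED = ("Name:\tnamed\nUid:\t0\t0\t0\t0\n"
                "CapInh:\t00000000\nCapPrm:\tfffffeff\nCapEff:\tfffffeff\n")

if __name__ == "__main__":
    # With a pid argument, audit that process; otherwise audit the sample.
    text = open("/proc/%s/status" % sys.argv[1]).read() if len(sys.argv) > 1 else RESTRICTED
    print(audit(text, ALLOWED))
```

An empty `unexpected` list for a daemon still running with effective uid 0 means the capability restriction took effect; a long list means the process kept most of root's privileges.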
> I'd really like to make use of the Linux Capabilities, but unfortunately the tool compartment isn't developed any further ... the documentation of version 1.1 says that some special call would be added when the 2.4 kernel came out... well I think 2.4 is out.
Well, I use it for Apache, can't tell if it works, too, but the README of Compartment 1.1 promises that in a coming version the combination of --user and --caps would be possible. So you could execute programs with user rights plus some extra capabilities, too, I suppose.

It's of course okay to run all programs as root, taking some capabilities away from them with --caps, but if that other possibility theoretically existed now, why not use it? At least I'd feel better if a program ran as user with extra caps than if a program ran as root with restricted caps.

Peter Asemann
On Sun, Sep 01, 2002 at 01:59:48PM +0200, Ace wrote:
> Well, I use it for Apache, can't tell if it works, too, but the README of Compartment 1.1 promises that in a coming version the combination of --user and --caps would be possible. So you could execute programs with user rights plus some extra capabilities, too, I suppose.
I've implemented this for 8.1 and given the patches to Marc. Not sure if he'll publish an updated version on his web page.

Olaf
--
Olaf Kirch     | Anyone who has had to work with X.509 has probably
okir@suse.de   | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
participants (3): Ace, Jan, Olaf Kirch