Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] Compartment and --cap
  • From: Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 23 Jan 2002 13:19:30 +0200
  • Message-id: <20020123131930.B13105@xxxxxxxxxxxx>
* Rainer Link; <link@xxxxxxx> on 23 Jan, 2002 wrote:
> Well, all the capabilities should be described in
> /usr/src/linux/include/linux/capability.h

Well, I know. As I said in my previous mail, I had a look at it and it
sounds Greek to me as I am not a programmer.

> You may have a look at
> ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/

OK, this one has the same capfaq.txt which I have found.

> or
> http://www.de.lids.org/lids-howto/node34.html
> (although the latter one refers obviously to LIDS)

This is new, thanks.

What I am trying to understand is: let's say I am using compartment to
chroot apache. Since it will be bound to port 80, I have to use
CAP_NET_BIND_SERVICE, if I understood correctly. Since I am using kernel
2.2.19, I cannot use --cap together with --user --group parameters. I can
only use --group. I am giving the benefit of the doubt that "--group
nogroup" is safer than "--group root".
So basically I am looking for an explanation or examples of these in "plain
English" :-)
Thanks for the links, though. If I cannot find a plain English version I
have to study them deep and hard before putting the server on the net.



--
Togan Muftuoglu
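
As an added illustration (not part of the original message and not code from compartment): the bit numbers in capability.h can be turned back into names, and a process's capability sets checked against the one capability the message says Apache needs, CAP_NET_BIND_SERVICE. It assumes the kernel exposes CapInh/CapPrm/CapEff in /proc/<pid>/status; the sample status text and the helper names are constructed for this example.

```python
import re

# Bit numbers as defined in include/linux/capability.h (bits 0-26 only).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG",
]

def decode_mask(mask):
    """Return the names of all capabilities whose bit is set in mask."""
    names = [n for bit, n in enumerate(CAP_NAMES) if (mask >> bit) & 1]
    unknown = mask >> len(CAP_NAMES)          # bits this table does not name
    if unknown:
        names.append("UNKNOWN_BITS_0x%x" % (unknown << len(CAP_NAMES)))
    return names

def parse_status(text):
    """Extract the CapInh/CapPrm/CapEff hex masks from /proc/<pid>/status text."""
    pattern = r"^(Cap(?:Inh|Prm|Eff)):\s*([0-9a-fA-F]+)\s*$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, text, re.M)}

def audit(text, allowed=("CAP_NET_BIND_SERVICE",)):
    """Return {set name: [capabilities held that are not in allowed]}."""
    return {k: [c for c in decode_mask(v) if c not in allowed]
            for k, v in parse_status(text).items()}

# Constructed sample inputs (hypothetical, not captured from a real system).
ROOT_LIKE = ("Name:\thttpd\nUid:\t0\t0\t0\t0\n"
             "CapInh:\t00000000\nCapPrm:\t07ffffff\nCapEff:\t07ffffff\n")
CONFINED = ("Name:\thttpd\nUid:\t0\t0\t0\t0\n"
            "CapInh:\t00000000\nCapPrm:\t00000400\nCapEff:\t00000400\n")

if __name__ == "__main__":
    for label, sample in (("root-like", ROOT_LIKE), ("confined", CONFINED)):
        for cap_set, excess in audit(sample).items():
            print(label, cap_set, "excess:", excess or "none")
```

An empty list for every set means the process holds nothing beyond the allowed capability; any name that appears is a privilege the confined server kept and does not need for binding port 80.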



