Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] Compartment and --cap
  • From: Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 23 Jan 2002 13:19:30 +0200
  • Message-id: <20020123131930.B13105@xxxxxxxxxxxx>
* Rainer Link; <link@xxxxxxx> on 23 Jan, 2002 wrote:
Well, all the capabilities should be described in

Well I know as I said in my previous mail I had a look to it and it
sounds Greek to me as I am not a programmer

You may have a look at

Ok this one has the same capfaq.txt which I have founded
(although the latter one refers obviously to LIDS)

this is new, thanks

What I am trying to understand is let's say I am using compartment to
chroot apache since it will be binded to port 80 I have to use
CAP_NET_BIND_SERVICE if I understood correctly. Since I am using kernel
2.2.19 I cannot use --cap together with --user --group parameters. I can
only use --group. I am giving the benefit of doubt that "--group
nogroup" is safer than "--group root".
So basicly I am looking for explanation or examples of these in "plain
English" :-)
Thanks for the links though if I cannot find a plain english version I
have to study them deep hard before putting the server on the net

Togan Muftuoglu

< Previous Next >