Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!
Daniel J Walsh
dwalsh at redhat.com
Fri Oct 29 12:20:45 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/29/2010 07:18 AM, Daniel P. Berrange wrote:
> On Fri, Oct 29, 2010 at 02:32:52PM +0530, Rahul Sundaram wrote:
>> On Fri, Oct 29, 2010 at 2:26 PM, Daniel P. Berrange wrote:
>>
>>>
>>>
>>> You want the libcap-ng-utils RPMs which provides a bunch of useful tools
>>> for this, filecap, netcap, pscap, etc.
>>>
>>
>> Is there any particular reason, the regular tools that users already use
>> cannot be modified to display the appropriate info, like SELinux and -Z
>> argument.
>
> In theory there's nothing preventing this. Deciding on/defining a concise
> display of capabilities info that doesn't mess up the formatting of
> ps/ls/etc is even tricker than with SELinux -Z because of the length of
> capabilities to display. eg, pscap for dhclient which has just 5 capabilities
> is showing
>
> 'dac_override, net_bind_service, net_admin, net_raw, sys_admin'
>
> There are 32 possible capabilites, so you'll quickly exceed the width
> of terminals just listing capabilities, in this format. You could try
> and decide on shortened names to < 5 characters each, but it isn't
> going to be so readable, nor very short for lots of caps
>
> Regards,
> Daniel
BTW I believe we now have > 32 capabilities, I believe there can now be
upto 64 capabilities, although I think there are only a couple added to
the second bitmask so far.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkzKvB0ACgkQrlYvE4MpobOhmACfQu3x6cGE1BFvHE2XUpzJ8A96
6C0An22WAQG7Zym240DZ9mAD0nugVoUe
=0uSf
-----END PGP SIGNATURE-----
More information about the devel
mailing list