Granting a capability to a service
Steve Grubb
sgrubb at redhat.com
Mon Jul 20 19:26:01 UTC 2015
On Monday, July 20, 2015 11:09:39 AM Andrew Lutomirski wrote:
> On Jul 20, 2015 11:05 AM, "Florian Weimer" <fweimer at redhat.com> wrote:
> > On 07/20/2015 05:59 PM, Steve Grubb wrote:
> > > Today, any application that wants to manipulate capabilities needs to be
> > > capability aware.
> >
> > The application does not want to manipulate capabilities. I do not want
> > to run it as full root. I don't want to add additional SUID/fscaps to
> > the file system.
> >
> > It's somewhat silly to add a privilege escalation hatch to the file
> > system in order to run a daemon with *reduced* privileges.
>
> This is exactly why the ambient caps patch is sitting in -mm. If you want
> to read it and email a quick review, that might help it along. :)
The real problem with capabilities is there is no way to say, I trust this
child process with this capability, but don't let it get inherited beyond this
process that I'm about to start.
-Steve
More information about the devel
mailing list