
Re: file capabilities and inheritance



Quoting Janne Karhunen (janne.karhunen@xxxxxxxxx):
> > annoying is that the only way to end the 'chain' is to give someone
> > SETPCAP rights to modify the inheritable set and let them do that
> > 'manually' as this is ignorant to all security context changes.
> 
> Ok, looks like dropping does not need SETPCAP but still. Above
> mentioned transformation would be considerably more usable.

pI by itself doesn't give you anything.  The idea is, you give something
like ping a capability in fI, and then only those who have that capability
in their pI will get it in pP' while executing ping.

What exactly are you wanting to do?

-serge
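
Added example, not part of the original message or the kernel's code: a small Python model of the execve() capability transformation from capabilities(7), showing that pI grants nothing on its own and yields pP' only when the executed file carries the same capability in fI. It assumes a non-root caller and omits the ambient set; the `Proc`, `FileCaps`, `execve` and `drop_inheritable` names and the alice/bob sample values are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Proc:
    inheritable: frozenset = frozenset()   # pI
    permitted: frozenset = frozenset()     # pP
    effective: frozenset = frozenset()     # pE
    bounding: frozenset = frozenset({"cap_net_raw", "cap_net_admin", "cap_setpcap"})  # X

@dataclass(frozen=True)
class FileCaps:
    inheritable: frozenset = frozenset()   # fI
    permitted: frozenset = frozenset()     # fP
    effective: bool = False                # fE is a single bit on files

def execve(p: Proc, f: FileCaps) -> Proc:
    """pI' = pI; pP' = (pI & fI) | (fP & X); pE' = pP' if fE else empty."""
    new_permitted = (p.inheritable & f.inheritable) | (f.permitted & p.bounding)
    new_effective = new_permitted if f.effective else frozenset()
    return replace(p, permitted=new_permitted, effective=new_effective)

def drop_inheritable(p: Proc, caps) -> Proc:
    """Model of a task removing capabilities from its own pI."""
    return replace(p, inheritable=p.inheritable - frozenset(caps))

# Constructed sample data: ping carries cap_net_raw in fI only (no fP).
PING = FileCaps(inheritable=frozenset({"cap_net_raw"}), effective=True)
SHELL = FileCaps()                                   # no file capabilities
ALICE = Proc(inheritable=frozenset({"cap_net_raw"}))  # has the capability in pI
BOB = Proc()                                          # empty pI

def scenario():
    alice_shell = execve(ALICE, SHELL)        # pI survives, pP' stays empty
    return {
        "alice_ping": execve(ALICE, PING).permitted,
        "bob_ping": execve(BOB, PING).permitted,
        "alice_shell": alice_shell.permitted,
        "alice_shell_then_ping": execve(alice_shell, PING).permitted,
        "alice_dropped_then_ping":
            execve(drop_inheritable(alice_shell, ["cap_net_raw"]), PING).permitted,
    }

if __name__ == "__main__":
    for name, caps in scenario().items():
        print(f"{name:26} pP' = {sorted(caps)}")
```
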