linux-security-module November 2007 archive
linux-security-module: Re: [PATCH] 64 bit capabilities

From: Serge E. Hallyn <serue_at_nospam>
Date: Thu Nov 15 2007 - 20:33:59 GMT
To: KaiGai Kohei <kaigai@ak.jp.nec.com>


Quoting KaiGai Kohei (kaigai@ak.jp.nec.com):
> Andrew Morgan,
>
> >> I'll post the patch of setfcaps/getfcap for his tree.
> >> I believe it is a better way to maintain.
> >>
> >> Thanks,
>
> The following patch to libcap enables displaying file capabilities
> recursively in the enumerated directories when -r is specified.
>
> In addition, some other features are ported from my getfcap.
> When an entry contains no file capabilities, displaying it will be
> skipped without returning an error. However, the -v option enables
> displaying those filenames with no capabilities.
> The -h option displays a short usage message.
>
> Please consider applying it to your tree.
>
> EXAMPLE:
> [kaigai@saba libcap]$ ./progs/getcap -r /tmp
> /tmp/ping = cap_net_raw+ep
> [kaigai@saba libcap]$

So I'm unclear - is there going to be one definitive libcap tree? I downloaded Andrew's tree, but it didn't seem to have a copy of setfcaps.c and getfcaps.c at all.

I defined CAP_NS_UNSHARE as bit 32 as an experiment, and had to do some finagling/combination of both of your trees to do so... Though that aside I'm pleased to say it all worked perfectly.

-serge