From: Andrew R. <ae...@ks...> - 2006-01-13 15:54:23
On Mon, Jan 09, 2006 at 03:12:56PM +0100, Kamil Kaczkowski wrote:
> There are several approaches to the problem - I chose attaching
> trustees as a secondary module to capabilities module. This is the
> least elegant solution, because it involves patching capabilities
> module, but is the simplest one to implement (less hooks to serve -
> less places to break something). For permanent solution it'd be
> better to make trustees primary module and allow attaching capability as
> secondary - as selinux does. Maybe the project maintainer will choose
> this way for official implementation.

I actually just committed a different implementation. Capabilities at
some point was put into a commoncap.c, the actual capabilities module is
a small wrapper around commoncap.c. Other modules like root_plug.c
simply supply capabilities by wrapping around this file as well.

If you check out the latest svn of trustees, it should provide all the
functionality of the normal capabilities module. I haven't tested it a
whole lot yet, but the simplicity of using commoncap is so much that I
don't foresee any problems.

As a reminder, the svn command is:

    svn co https://aeruder.ath.cx:7778/svn/trustees/trunk trustees

or just svn update if you've already checked it out.

I don't have any programs set up that absolutely depend on capabilities,
but I did do some testing with lcap (btw, it is really easy to end up
having to force-reboot if you play around with lcap too much -- I
completely locked root out of the system, oops :))

Any reports on success are much appreciated, sorry it took me so long to
get around to doing this.

I best be off to class, only got 30 minutes to get ready and drive a few
miles. ;)

- Andy

--
Andrew Ruder
http://www.aeruder.net