From: Frank v Waveren <fvw.uml@va...>  20060715 15:23:35

I was trying to limit some unnecessary capabilities in a UML instance with /proc/sys/kernel/cap-bound, but it turned out not to take. The source of the problem (or at least something a bit of the way up the garden path of the problem) is at security/commoncap.c:140 at the top of cap_bprm_apply_creds(bprm, unsafe):

    void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
    {
            /* Derived from fs/exec.c:compute_creds. */
            kernel_cap_t new_permitted, working;

            new_permitted = cap_intersect (bprm->cap_permitted, cap_bset);
            working = cap_intersect (bprm->cap_inheritable,
                                     current->cap_inheritable);
            new_permitted = cap_combine (new_permitted, working);
            ...

Here the new permitted set gets limited to the bits in cap_bset, which is as it should be, but then the intersection of the current and exec inheritable masks gets added to that set, whereas as I understand it, cap_bset should always be the bounding set. I've tried commenting out that bit and everything worked as I'd hoped (I haven't done extensive testing, but bounding the caps worked, as did suids and such). That doesn't explain why it works with those lines left in on a non-UML kernel though, so I assume I'm missing something fundamental.

(My guest kernel is
Linux version 2.6.16.24 (fvw@...) (gcc version 4.0.3 20051201 (prerelease) (Debian 4.0.2-5)) #3 Sat Jul 15 16:54:20 CEST 2006
, should it matter)

-- 
Frank v Waveren
fvw@...
Key fingerprint: BDD7 D61E 5D39 CF05 4BFC F57A FA00 7D51 468D 62C8
Public key: hkp://wwwkeys.pgp.net/468D62C8
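A small model of the computation the post quotes, added here as an example and not code from the kernel or from the poster: capability sets are 32-bit masks (as kernel_cap_t was in 2.6.16), the bit numbers for CAP_NET_BIND_SERVICE (10) and CAP_SYS_MODULE (16) are the real ones, and the input sets are constructed so that the inheritable intersection carries a capability that cap_bset has removed. It shows that the quoted code lets that bit into the new permitted set, while applying cap_bset to the combined set keeps it out.

```c
/* Model of cap_bprm_apply_creds() from the quoted security/commoncap.c
 * (added example, not kernel code). kernel_cap_t is modelled as a
 * 32-bit mask, which is what 2.6.16 used. */
#include <stdint.h>
#include <stdio.h>

typedef uint32_t kernel_cap_t;

#define CAP_TO_MASK(n)      ((kernel_cap_t)1u << (n))
#define CAP_NET_BIND_SERVICE 10   /* real Linux capability numbers */
#define CAP_SYS_MODULE       16

static kernel_cap_t cap_intersect(kernel_cap_t a, kernel_cap_t b) { return a & b; }
static kernel_cap_t cap_combine(kernel_cap_t a, kernel_cap_t b)   { return a | b; }

/* New permitted set exactly as the quoted code computes it: cap_bset only
 * bounds bprm->cap_permitted; the inheritable intersection is OR'ed in
 * afterwards, unbounded. */
kernel_cap_t permitted_as_quoted(kernel_cap_t bprm_permitted, kernel_cap_t bprm_inheritable,
                                 kernel_cap_t cur_inheritable, kernel_cap_t cap_bset)
{
    kernel_cap_t new_permitted = cap_intersect(bprm_permitted, cap_bset);
    kernel_cap_t working = cap_intersect(bprm_inheritable, cur_inheritable);
    return cap_combine(new_permitted, working);
}

/* Variant where cap_bset bounds the combined result, i.e. what the poster
 * expected a bounding set to do. (Illustrative change, not a kernel patch.) */
kernel_cap_t permitted_bounded(kernel_cap_t bprm_permitted, kernel_cap_t bprm_inheritable,
                               kernel_cap_t cur_inheritable, kernel_cap_t cap_bset)
{
    kernel_cap_t new_permitted = cap_intersect(bprm_permitted, cap_bset);
    kernel_cap_t working = cap_intersect(bprm_inheritable, cur_inheritable);
    return cap_intersect(cap_combine(new_permitted, working), cap_bset);
}

/* Check used by a reviewer or test: does the permitted set contain any
 * bit that the bounding set has cleared? Returns 1 if so, else 0. */
int escapes_bound(kernel_cap_t permitted, kernel_cap_t cap_bset)
{
    return (permitted & ~cap_bset) != 0;
}

int main(void)
{
    /* Constructed scenario: cap-bound had CAP_SYS_MODULE removed, but the
     * exec'd file and the current task both carry it as inheritable. */
    kernel_cap_t cap_bset = ~CAP_TO_MASK(CAP_SYS_MODULE);
    kernel_cap_t bprm_perm = CAP_TO_MASK(CAP_NET_BIND_SERVICE) | CAP_TO_MASK(CAP_SYS_MODULE);
    kernel_cap_t inh = CAP_TO_MASK(CAP_SYS_MODULE);
    printf("quoted : 0x%08x escapes=%d\n", permitted_as_quoted(bprm_perm, inh, inh, cap_bset),
           escapes_bound(permitted_as_quoted(bprm_perm, inh, inh, cap_bset), cap_bset));
    printf("bounded: 0x%08x escapes=%d\n", permitted_bounded(bprm_perm, inh, inh, cap_bset),
           escapes_bound(permitted_bounded(bprm_perm, inh, inh, cap_bset), cap_bset));
    return 0;
}
```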