On Fri, 30 Nov 2007, Crispin Cowan wrote:
The only case of this so far has been Multiadm, although there seems to be
no reason for it to stay out of tree.
Dazuko. It has the same yucky code issues as Talpa, but AFAIK is pure
GPL2 and thus is clean on the license issues.
That these
James Morris wrote:
On Fri, 30 Nov 2007, Crispin Cowan wrote:
restored faces a lot of challenges, but I hope that some kind of
solution can be found, because the alternative is to effectively force
vendors like Sophos to do it the dirty way by fishing in memory for
the syscall table.
I
Quoting KaiGai Kohei ([EMAIL PROTECTED]):
Serge E. Hallyn wrote:
The capability bounding set is a set beyond which capabilities
cannot grow. Currently cap_bset is per-system. It can be
manipulated through sysctl, but only init can add capabilities.
Root can remove capabilities. By
Tetsuo Handa [EMAIL PROTECTED] writes:
Hello.
Thank you for feedback.
I have some questions.
(1) Your module uses struct security_operations and
is registered with register_security().
TOMOYO also uses struct security_operations and
must be registered with
Serge E. Hallyn [EMAIL PROTECTED] writes:
Quoting Eric W. Biederman ([EMAIL PROTECTED]):
Mark Nelson [EMAIL PROTECTED] writes:
Hi Paul and Eric,
Do you guys have any objections to dropping the hijack_pid() and
hijack_cgroup() parts of sys_hijack, leaving just hijack_ns() (see
below
Tetsuo Handa [EMAIL PROTECTED] writes:
Hello.
Thank you for detailed explanation.
Samir Bellabes wrote:
No, it's performed from the userspace. the goal is to don't touch the
network stack at all.
OK. One thing I'm worrying.
Use of userspace process assumes that it shall not be killed by
