* Francesco P. Lovergine [Wed, 12 Nov 2003 at 14:48 +0100]
> It has implication for libcap* packages too, doesn't it?

From libcap2's README.Debian:

    This library should be used in conjunction with the kernel patches
    from <URL:http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4-fcap/>
    (or a kernel.org mirror near you). You need to apply both the
    appropriate "ea" and "fcaps" patch in this order. See the README in
    this directory for up-to-date details.

The fcaps patch appears to have the same change (and a whole lot more).
The README found at the above URL states:

    7. CAP_SETPCAP is no longer associated with the ability to set the
       capabilities of an arbitrary process. (Which was so awful a
       capability we're all pretty much relieved about this change.)

I am not sure what precisely you can do with CAP_SETPCAP after this patch,
but I imagine it just restricts which processes you can change (not just
arbitrary). The arbitrary part is probably why it is disabled by default.

I will investigate whether jackstart could be modified to use libcap2 with
these patches. It looks like these patches require patching e2fsprogs too,
though.

-- 
Hans Fugal               | De gustibus non disputandum est.
http://hans.fugal.net/   | Debian, vim, mutt, ruby, text, gpg
http://gdmxml.fugal.net/ | WindowMaker, gaim, UTF-8, RISC, JS Bach
---------------------------------------------------------------------
GnuPG Fingerprint: 6940 87C5 6610 567F 1E95 CB5E FC98 E8CD E0AA D460