On Sun, Jun 17, 2001 at 10:42:17PM -0800, Ethan Benson wrote: > you would need to fix filesystem immutability and block device access > as well. currently lcap CAP_LINUX_IMMUTABLE is useless since there > is no way to deny root the ability to write directly to /dev/hda* and > remove the immutable bits (ive written a script to remove chattr +i > and +a even when CAP_LINUX_IMMUTABLE is removed from the bounding set, > no reboot required). I thought CAP_SYS_RAWIO would take care of that issue? Is is still possible to chattr +i if CAP_SYS_RAWIO is removed? Phil -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
- Re: A question about Knark and modules Juha Jäykkä
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Sjarn Valkhoff
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Christian Jaeger
- Re: A question about Knark and modules Jim Breton
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Peter Cordes
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Philipp Schulte
- Re: A question about Knark and modules Peter Cordes
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Philipp Schulte
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Philipp Schulte
- Re: A question about Knark and modules Christian Jaeger
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Ben Harvey
- Re: A question about Knark and modules Christian Jaeger