Acked-by: Andrew G. Morgan <[email protected]> I concur with Kees.
Cheers Andrew On Mon, Mar 8, 2010 at 10:58 AM, Kees Cook <[email protected]> wrote: > Hi Serge, > > On Fri, Mar 05, 2010 at 02:56:07PM -0600, Serge E. Hallyn wrote: >> Privileged syslog operations currently require CAP_SYS_ADMIN. Split >> this off into a new CAP_SYSLOG privilege which we can sanely take away >> from a container through the capability bounding set. > > Seems like a good idea, but it'll require code changes in libcap2, > libcap-ng, as well as manpages. > > I support the idea -- more stuff needs to be extracted from CAP_SYS_ADMIN, > but this is a nice distinct subsystem to do now. > > Acked-By: Kees Cook <[email protected]> > > -- > Kees Cook > Ubuntu Security Team > -- > To unsubscribe from this list: send the line "unsubscribe > linux-security-module" in > the body of a message to [email protected] > More majordomo info at http://vger.kernel.org/majordomo-info.html > _______________________________________________ Containers mailing list [email protected] https://lists.linux-foundation.org/mailman/listinfo/containers _______________________________________________ Devel mailing list [email protected] https://openvz.org/mailman/listinfo/devel
