As Fedora security guys pointed out in https://bugzilla.redhat.com/show_bug.cgi?id=646478, suid is bad. We use suid only to allow /bin/cgexec write access to /var/run/cgred.socket. So, let's add new harmless 'cgred' group, modify the daemon to allow this user write access to the socket and use sgid (to harmless 'cgred' group) on /bin/cgexec instead of suid (to root).
I am not sure where all the bits belong, especially the later two patches could be Fedora specific, if you want. Jan ------------------------------------------------------------------------------ Centralized Desktop Delivery: Dell and VMware Reference Architecture Simplifying enterprise desktop deployment and management using Dell EqualLogic storage and VMware View: A highly scalable, end-to-end client virtualization framework. Read more! http://p.sf.net/sfu/dell-eql-dev2dev _______________________________________________ Libcg-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libcg-devel
