-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Serge and I have been discussing this test offline (there is a get_cap_text() libcap change that I'm investigating that he wants to be able to make the test more resilient in the face of newly added capabilities). Since Serge is also reviewing these changes, I'm sure he'll have something to say about enhancements to the test...
Cheers Andrew Subrata Modak wrote: | Hi Andrew, | | Do you feel that the corresponding filecaps test in LTP needs to be | reviewed against the changes in Kernel filecaps. Do you remember that | Sergei wrote this test case and you gave the review comments, after | which we included the same inside LTP: | | http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/filecaps/ | | Regards-- | Subrata | | On Thu, Jun 26, 2008 at 2:16 PM, Andrew G. Morgan <[EMAIL PROTECTED] | <mailto:[EMAIL PROTECTED]>> wrote: | | Andrew, | | Configuring filesystem capabilities is still tagged experimental, and | the effect of the "security fix" part of this change is conditional on | filesystem capabilities being configured. This late in the rc cycle, I'm | not convinced that the risk of this bugfix isn't greater than the | benefit. | | If you disagree, there is another "security" problem with filesystem | capabilities and strace, and I've been exploring the fix. This is also | the last fix I think we need before we can remove the experimental | attribute on filesystem capabilities. | | As such, I'll follow this up with four patches. The first two are | bugfixes (affecting kernels configured with filesystem support); the | third is the refactoring; and the fourth removes the experimental tag on | filesystem capability support. | | Cheers | | Andrew | | Andrew Morton wrote: | | On Fri, 20 Jun 2008 08:38:19 -0700 | | "Andrew G. Morgan" <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> | wrote: | | | |> From 8a2bffcb5363295ea43ef42c84c121a8e8c7ffa0 Mon Sep 17 00:00:00 | 2001 | |> From: Andrew G. Morgan <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> | |> Date: Fri, 20 Jun 2008 08:16:06 -0700 | |> Subject: [PATCH] Refactor filesystem capability support in main | kernel. | |> | [...] | | This is one helluva large (security!) patch for so late in -rc. | | | | Could we please split out the bugfix for 2.6.26 (is it needed in | 2.6.25 | | too?) and hold the refactoring back for 2.6.27? - -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ | -- | Regards & Thanks-- | Subrata -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIY7lm+bHCR3gb8jsRAuIuAJ9zKdeeU8cseqeZzGkB08rLBASwDgCfYcBv Bctu3WqkB/FryaB4lRJZLe8= =Zuc8 -----END PGP SIGNATURE----- ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list