I covered the options/implications in my glen or glenda paper at the Ottawa Linux symposium a few years back. I don't know if I have a copy laying around, but those proceedings are publically available.
Sent from my iPhone On Jun 19, 2009, at 3:19 AM, Priyanka Sharma <[email protected]> wrote: > Hi Eric > > Thanks for your feedback . > One of my to do work is neways : Analyse the security implications > of removing the root user requirement and implement an ACL based > check to prevent modifications of the global namespace > > So, your adivse would b helpful :) > > > On Thu, Jun 18, 2009 at 10:03 PM, Eric Van Hensbergen <[email protected] > > wrote: > > It may be advisable to put those capabilities in their own class, that > way admins can conditionally restrict them -but without giving users > admin privs. > > Sent from my iPhone > > On Jun 18, 2009, at 2:07 PM, priyanka <[email protected]> > wrote: > > > > > Hi all > > > > First of all, I am sorry to giving my updates so late. > > > > 1) I installed linux-2.6.29 with glendix patch on virtual machine as > > well as on my system > > 2) Understood the flow to complete my first task : Remove the root > > user requirement from clone and unshare > > 3) I have finished the task of removing root requirement by removing > > the CAP_SYS_ADMIN capability. This capability is used to the the > root > > privilege. > > > > This was my first week task. I didn't do much in my second week as I > > had to relocate. > > > > Now, I am working on modification of rfork() system call used in > > glendix. > > I am using unshare sys_call to create per process namespace. > > > > I will try to complete this task in this week :) > > > > Thank You > > > > > > > > > > > -- > Thanks & Regards > Priyanka > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Plan 9 Google Summer of Code" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/plan9-gsoc?hl=en -~----------~----~----~----~------~----~------~--~---
