from:"Chris Friedhoff"

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

2007-11-20 Thread Chris Friedhoff

On Tue, 20 Nov 2007 16:51:21 -0600
"Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:

> Quoting Chris Friedhoff ([EMAIL PROTECTED]):
> > On Tue, 20 Nov 2007 08:51:06 -0600
> > "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
> > 
> > > Quoting Chris Friedhoff ([EMAIL PROTECTED]):
> > > > On Mon, 19 Nov 2007 17:16:44 -0600
> > > > "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
> > > > 
> > > > > Quoting Chris Friedhoff ([EMAIL PROTECTED]):
> > > > > > Hello Serge,
> > > > > > 
> > > > > > just to let you know: with 2.6.24-rc3 I have the same problem.
> > > > > 
> > > > > Ok, so here is the flow.
> > > > > 
> > > > > First off, using runlevel 5 on FC7, using 'log out' correctly brings
> > > > > you back to a new login prompt.  Your problem is starting in runlevel
> > > > > 3, and typing 'xinit .xinitrc';  when you exit your wm, xinit is not
> > > > > allowed to kill X so you don't get back to your console.
> > > > 
> > > > Yes, I'm booting in a runlevel without a session manager and starting
> > > > my X session with xinit.
> > > > (slackware: console->runlevel 3; sessionmanager->runlevel 4 )
> > > > 
> > > > > 
> > > > > First comment is, as you point out on your homepage, you could
> > > > >   setfcaps -c cap_kill+p -e /usr/bin/xinit
> > > > > Then xinit is allowed to kill X.  Yes xinit forks and execs a
> > > > > user-writable script, but of course upon the exec to start the script
> > > > > cap_kill is lost, so the user can't abuse this.
> > > > > 
> > > > > Since you pointed this out on your homepage, I have to assume you've
> > > > > decided you don't want to give cap_kill to xinit?
> > > > 
> > > > No, since I'm using capabilities and I'm very happy with it, I grant
> > > > cap_kill to xinit. For myself the problem is solved ...
> > > > 
> > > > > 
> > > > > My other question is - do we want to maintain this signal restriction?
> > > > > So long as a privileged process isn't dumpable, is it any more 
> > > > > dangerous
> > > > > for user hallyn to kill capability-raised process owned by hallyn than
> > > > > it is to kill a setuid process started by hallyn?  If we decide no, 
> > > > > then
> > > > > maybe we should remove cap_task_kill() as well as the 
> > > > > cap_task_setnice(),
> > > > > cap_task_setioprio(), cap_task_setscheduler()?
> > > > > 
> > > > > Or maybe i've just forgotten a compelling scenario...
> > > > > 
> > > > > thanks,
> > > > > -serge
> > > > 
> > > > 
> > > > ... but if some user decides to configure capabilities into the 2.6.24
> > > > kernel or just uses such a kernel and
> > > > 1) is not granting cap_kill to xinit, and
> > > > 2) starts X by issuing xinit on the console
> > > > 3) ends after some time his X session, to come back to the console
> > > > 
> > > > he will see a different behavior compared to 2.6.23 exiting his X
> > > > session and (I think) believes to have a bug in the X package.
> > > > 
> > > > Andrew Morton describes the problem here, too:
> > > > http://lkml.org/lkml/2006/11/23/15
> > > > http://lkml.org/lkml/2006/11/23/19
> > > > 
> > > > Am I wrong in the assumption, but should one not accept an unchanged
> > > > behavior with or without capabilities in the kernel regarding the
> > > > behavior of applications, when he is not actually using (by not setting
> > > > the xattr capability) capabilities with this application?
> > > > 
> > > > If I'm wrong, maybe a warning or hint should be given that one has to
> > > > grant cap_kill to xinit to come back to the console if the X session
> > > > was started by xinit.
> > > 
> > > Thanks - yes, I see (I tend to get lost in my testruns).  So we're back to
> > > trying to do the fix I was trying to do along with the SIGCONT fix a few
> > > weeks ago.
> > > 
> > > The problem is that when you run a setuid binary, its pP and pE are
> > > fully raised.  The following patch fixes it for me.  Chris, does it fix
> > > your problem?
> > 
> > Yes, this patch fixes it for me, too.
> > 
> > Thanks,
> > 
> > Chris
> 
> Thanks for the valuable testing and bugreports, Chris.

You're welcome!
Chris

> 
> If I don't hear any counter-arguments I'll post the patch in its own
> thread tomorrow.
> 
> -serge



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

2007-11-20 Thread Chris Friedhoff

On Tue, 20 Nov 2007 08:51:06 -0600
"Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:

> Quoting Chris Friedhoff ([EMAIL PROTECTED]):
> > On Mon, 19 Nov 2007 17:16:44 -0600
> > "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
> > 
> > > Quoting Chris Friedhoff ([EMAIL PROTECTED]):
> > > > Hello Serge,
> > > > 
> > > > just to let you know: with 2.6.24-rc3 I have the same problem.
> > > 
> > > Ok, so here is the flow.
> > > 
> > > First off, using runlevel 5 on FC7, using 'log out' correctly brings
> > > you back to a new login prompt.  Your problem is starting in runlevel
> > > 3, and typing 'xinit .xinitrc';  when you exit your wm, xinit is not
> > > allowed to kill X so you don't get back to your console.
> > 
> > Yes, I'm booting in a runlevel without a session manager and starting
> > my X session with xinit.
> > (slackware: console->runlevel 3; sessionmanager->runlevel 4 )
> > 
> > > 
> > > First comment is, as you point out on your homepage, you could
> > >   setfcaps -c cap_kill+p -e /usr/bin/xinit
> > > Then xinit is allowed to kill X.  Yes xinit forks and execs a
> > > user-writable script, but of course upon the exec to start the script
> > > cap_kill is lost, so the user can't abuse this.
> > > 
> > > Since you pointed this out on your homepage, I have to assume you've
> > > decided you don't want to give cap_kill to xinit?
> > 
> > No, since I'm using capabilities and I'm very happy with it, I grant
> > cap_kill to xinit. For myself the problem is solved ...
> > 
> > > 
> > > My other question is - do we want to maintain this signal restriction?
> > > So long as a privileged process isn't dumpable, is it any more dangerous
> > > for user hallyn to kill capability-raised process owned by hallyn than
> > > it is to kill a setuid process started by hallyn?  If we decide no, then
> > > maybe we should remove cap_task_kill() as well as the cap_task_setnice(),
> > > cap_task_setioprio(), cap_task_setscheduler()?
> > > 
> > > Or maybe i've just forgotten a compelling scenario...
> > > 
> > > thanks,
> > > -serge
> > 
> > 
> > ... but if some user decides to configure capabilities into the 2.6.24
> > kernel or just uses such a kernel and
> > 1) is not granting cap_kill to xinit, and
> > 2) starts X by issuing xinit on the console
> > 3) ends after some time his X session, to come back to the console
> > 
> > he will see a different behavior compared to 2.6.23 exiting his X
> > session and (I think) believes to have a bug in the X package.
> > 
> > Andrew Morton describes the problem here, too:
> > http://lkml.org/lkml/2006/11/23/15
> > http://lkml.org/lkml/2006/11/23/19
> > 
> > Am I wrong in the assumption, but should one not accept an unchanged
> > behavior with or without capabilities in the kernel regarding the
> > behavior of applications, when he is not actually using (by not setting
> > the xattr capability) capabilities with this application?
> > 
> > If I'm wrong, maybe a warning or hint should be given that one has to
> > grant cap_kill to xinit to come back to the console if the X session
> > was started by xinit.
> 
> Thanks - yes, I see (I tend to get lost in my testruns).  So we're back to
> trying to do the fix I was trying to do along with the SIGCONT fix a few
> weeks ago.
> 
> The problem is that when you run a setuid binary, its pP and pE are
> fully raised.  The following patch fixes it for me.  Chris, does it fix
> your problem?

Yes, this patch fixes it for me, too.

Thanks,

Chris

>  Andrew, am I again confusing myself and doing something
> unsafe?
> 
> thanks,
> -serge
> 
> >From d0b931776c0c424e583bf736d6a2498be4eccb98 Mon Sep 17 00:00:00 2001
> From: Serge E. Hallyn <[EMAIL PROTECTED]>
> Date: Tue, 20 Nov 2007 08:47:35 +
> Subject: [PATCH 1/1] file capabilities: don't prevent signaling setuid root 
> programs.
> 
> When an unprivileged user runs a setuid root program in !SECURE_NOROOT
> mode, fP, fI, and fE are set full on, so pP' and pE' are full on.
> Then cap_task_kill() prevents the user from signaling the setuid root
> task.  This is a change in behavior compared to when
> !CONFIG_SECURITY_FILE_CAPABILITIES.
> 
> This patch introduces a special check into cap_task_kill() just
> to check whether a non-root user is signaling a setuid root
> program started by the same user.  If so, then signal is allowed.
> 
> This still leaves open the

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

2007-11-20 Thread Chris Friedhoff

The patch
http://bugzilla.kernel.org/attachment.cgi?id=13652=view from
Comment #16 of http://bugzilla.kernel.org/show_bug.cgi?id=9345
also works for me and enables successful s2disk cycles.

Tested with 6 cycles, 3 from console and than 3 from within X.

Thanks,
Chris


On Tue, 20 Nov 2007 00:58:29 +0100
"Rafael J. Wysocki" <[EMAIL PROTECTED]> wrote:

> On Monday, 19 of November 2007, Chris Friedhoff wrote:
> > dmesg output is added.
> > 
> > increasing CONFIG_BLK_DEV_RAM_SIZE from  to 131072 hasn't changed
> > the non-functioning of 2.6.24-rc3
> > 
> > s2disk works with 2.6.23.8 ; I tested 4 cycles in a row, 2 from console
> > and 2 from within X
> 
> I've attached a patch to the bugzilla entry, please test it.
> 
> Thanks,
> Rafael



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

2007-11-20 Thread Chris Friedhoff

the patch on top of 2.6.24-rc3 fixed the problem.
now I can succesfully s2disk.
I tested it 5 times in a row, 2 from the console and 3 from within X

thanks for fixing it,
Chris


On Tue, 20 Nov 2007 00:58:29 +0100
"Rafael J. Wysocki" <[EMAIL PROTECTED]> wrote:

> On Monday, 19 of November 2007, Chris Friedhoff wrote:
> > dmesg output is added.
> > 
> > increasing CONFIG_BLK_DEV_RAM_SIZE from  to 131072 hasn't changed
> > the non-functioning of 2.6.24-rc3
> > 
> > s2disk works with 2.6.23.8 ; I tested 4 cycles in a row, 2 from console
> > and 2 from within X
> 
> I've attached a patch to the bugzilla entry, please test it.
> 
> Thanks,
> Rafael



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

2007-11-20 Thread Chris Friedhoff

On Mon, 19 Nov 2007 17:16:44 -0600
"Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:

> Quoting Chris Friedhoff ([EMAIL PROTECTED]):
> > Hello Serge,
> > 
> > just to let you know: with 2.6.24-rc3 I have the same problem.
> 
> Ok, so here is the flow.
> 
> First off, using runlevel 5 on FC7, using 'log out' correctly brings
> you back to a new login prompt.  Your problem is starting in runlevel
> 3, and typing 'xinit .xinitrc';  when you exit your wm, xinit is not
> allowed to kill X so you don't get back to your console.

Yes, I'm booting in a runlevel without a session manager and starting
my X session with xinit.
(slackware: console->runlevel 3; sessionmanager->runlevel 4 )

> 
> First comment is, as you point out on your homepage, you could
>   setfcaps -c cap_kill+p -e /usr/bin/xinit
> Then xinit is allowed to kill X.  Yes xinit forks and execs a
> user-writable script, but of course upon the exec to start the script
> cap_kill is lost, so the user can't abuse this.
> 
> Since you pointed this out on your homepage, I have to assume you've
> decided you don't want to give cap_kill to xinit?

No, since I'm using capabilities and I'm very happy with it, I grant
cap_kill to xinit. For myself the problem is solved ...

> 
> My other question is - do we want to maintain this signal restriction?
> So long as a privileged process isn't dumpable, is it any more dangerous
> for user hallyn to kill capability-raised process owned by hallyn than
> it is to kill a setuid process started by hallyn?  If we decide no, then
> maybe we should remove cap_task_kill() as well as the cap_task_setnice(),
> cap_task_setioprio(), cap_task_setscheduler()?
> 
> Or maybe i've just forgotten a compelling scenario...
> 
> thanks,
> -serge

... but if some user decides to configure capabilities into the 2.6.24
kernel or just uses such a kernel and
1) is not granting cap_kill to xinit, and
2) starts X by issuing xinit on the console
3) ends after some time his X session, to come back to the console

he will see a different behavior compared to 2.6.23 exiting his X
session and (I think) believes to have a bug in the X package.

Andrew Morton describes the problem here, too:
http://lkml.org/lkml/2006/11/23/15
http://lkml.org/lkml/2006/11/23/19

Am I wrong in the assumption, but should one not accept an unchanged
behavior with or without capabilities in the kernel regarding the
behavior of applications, when he is not actually using (by not setting
the xattr capability) capabilities with this application?

If I'm wrong, maybe a warning or hint should be given that one has to
grant cap_kill to xinit to come back to the console if the X session
was started by xinit.

Chris

Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

2007-11-20 Thread Chris Friedhoff

On Mon, 19 Nov 2007 17:16:44 -0600
Serge E. Hallyn [EMAIL PROTECTED] wrote:

 Quoting Chris Friedhoff ([EMAIL PROTECTED]):
  Hello Serge,
  
  just to let you know: with 2.6.24-rc3 I have the same problem.
 
 Ok, so here is the flow.
 
 First off, using runlevel 5 on FC7, using 'log out' correctly brings
 you back to a new login prompt.  Your problem is starting in runlevel
 3, and typing 'xinit .xinitrc';  when you exit your wm, xinit is not
 allowed to kill X so you don't get back to your console.

Yes, I'm booting in a runlevel without a session manager and starting
my X session with xinit.
(slackware: console-runlevel 3; sessionmanager-runlevel 4 )

 
 First comment is, as you point out on your homepage, you could
   setfcaps -c cap_kill+p -e /usr/bin/xinit
 Then xinit is allowed to kill X.  Yes xinit forks and execs a
 user-writable script, but of course upon the exec to start the script
 cap_kill is lost, so the user can't abuse this.
 
 Since you pointed this out on your homepage, I have to assume you've
 decided you don't want to give cap_kill to xinit?

No, since I'm using capabilities and I'm very happy with it, I grant
cap_kill to xinit. For myself the problem is solved ...

 
 My other question is - do we want to maintain this signal restriction?
 So long as a privileged process isn't dumpable, is it any more dangerous
 for user hallyn to kill capability-raised process owned by hallyn than
 it is to kill a setuid process started by hallyn?  If we decide no, then
 maybe we should remove cap_task_kill() as well as the cap_task_setnice(),
 cap_task_setioprio(), cap_task_setscheduler()?
 
 Or maybe i've just forgotten a compelling scenario...
 
 thanks,
 -serge


... but if some user decides to configure capabilities into the 2.6.24
kernel or just uses such a kernel and
1) is not granting cap_kill to xinit, and
2) starts X by issuing xinit on the console
3) ends after some time his X session, to come back to the console

he will see a different behavior compared to 2.6.23 exiting his X
session and (I think) believes to have a bug in the X package.

Andrew Morton describes the problem here, too:
http://lkml.org/lkml/2006/11/23/15
http://lkml.org/lkml/2006/11/23/19

Am I wrong in the assumption, but should one not accept an unchanged
behavior with or without capabilities in the kernel regarding the
behavior of applications, when he is not actually using (by not setting
the xattr capability) capabilities with this application?

If I'm wrong, maybe a warning or hint should be given that one has to
grant cap_kill to xinit to come back to the console if the X session
was started by xinit.


Chris




Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

2007-11-20 Thread Chris Friedhoff

the patch on top of 2.6.24-rc3 fixed the problem.
now I can succesfully s2disk.
I tested it 5 times in a row, 2 from the console and 3 from within X

thanks for fixing it,
Chris


On Tue, 20 Nov 2007 00:58:29 +0100
Rafael J. Wysocki [EMAIL PROTECTED] wrote:

 On Monday, 19 of November 2007, Chris Friedhoff wrote:
  dmesg output is added.
  
  increasing CONFIG_BLK_DEV_RAM_SIZE from  to 131072 hasn't changed
  the non-functioning of 2.6.24-rc3
  
  s2disk works with 2.6.23.8 ; I tested 4 cycles in a row, 2 from console
  and 2 from within X
 
 I've attached a patch to the bugzilla entry, please test it.
 
 Thanks,
 Rafael



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

2007-11-20 Thread Chris Friedhoff

The patch
http://bugzilla.kernel.org/attachment.cgi?id=13652action=view from
Comment #16 of http://bugzilla.kernel.org/show_bug.cgi?id=9345
also works for me and enables successful s2disk cycles.

Tested with 6 cycles, 3 from console and than 3 from within X.

Thanks,
Chris


On Tue, 20 Nov 2007 00:58:29 +0100
Rafael J. Wysocki [EMAIL PROTECTED] wrote:

 On Monday, 19 of November 2007, Chris Friedhoff wrote:
  dmesg output is added.
  
  increasing CONFIG_BLK_DEV_RAM_SIZE from  to 131072 hasn't changed
  the non-functioning of 2.6.24-rc3
  
  s2disk works with 2.6.23.8 ; I tested 4 cycles in a row, 2 from console
  and 2 from within X
 
 I've attached a patch to the bugzilla entry, please test it.
 
 Thanks,
 Rafael



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

2007-11-20 Thread Chris Friedhoff

On Tue, 20 Nov 2007 08:51:06 -0600
Serge E. Hallyn [EMAIL PROTECTED] wrote:

 Quoting Chris Friedhoff ([EMAIL PROTECTED]):
  On Mon, 19 Nov 2007 17:16:44 -0600
  Serge E. Hallyn [EMAIL PROTECTED] wrote:
  
   Quoting Chris Friedhoff ([EMAIL PROTECTED]):
Hello Serge,

just to let you know: with 2.6.24-rc3 I have the same problem.
   
   Ok, so here is the flow.
   
   First off, using runlevel 5 on FC7, using 'log out' correctly brings
   you back to a new login prompt.  Your problem is starting in runlevel
   3, and typing 'xinit .xinitrc';  when you exit your wm, xinit is not
   allowed to kill X so you don't get back to your console.
  
  Yes, I'm booting in a runlevel without a session manager and starting
  my X session with xinit.
  (slackware: console-runlevel 3; sessionmanager-runlevel 4 )
  
   
   First comment is, as you point out on your homepage, you could
 setfcaps -c cap_kill+p -e /usr/bin/xinit
   Then xinit is allowed to kill X.  Yes xinit forks and execs a
   user-writable script, but of course upon the exec to start the script
   cap_kill is lost, so the user can't abuse this.
   
   Since you pointed this out on your homepage, I have to assume you've
   decided you don't want to give cap_kill to xinit?
  
  No, since I'm using capabilities and I'm very happy with it, I grant
  cap_kill to xinit. For myself the problem is solved ...
  
   
   My other question is - do we want to maintain this signal restriction?
   So long as a privileged process isn't dumpable, is it any more dangerous
   for user hallyn to kill capability-raised process owned by hallyn than
   it is to kill a setuid process started by hallyn?  If we decide no, then
   maybe we should remove cap_task_kill() as well as the cap_task_setnice(),
   cap_task_setioprio(), cap_task_setscheduler()?
   
   Or maybe i've just forgotten a compelling scenario...
   
   thanks,
   -serge
  
  
  ... but if some user decides to configure capabilities into the 2.6.24
  kernel or just uses such a kernel and
  1) is not granting cap_kill to xinit, and
  2) starts X by issuing xinit on the console
  3) ends after some time his X session, to come back to the console
  
  he will see a different behavior compared to 2.6.23 exiting his X
  session and (I think) believes to have a bug in the X package.
  
  Andrew Morton describes the problem here, too:
  http://lkml.org/lkml/2006/11/23/15
  http://lkml.org/lkml/2006/11/23/19
  
  Am I wrong in the assumption, but should one not accept an unchanged
  behavior with or without capabilities in the kernel regarding the
  behavior of applications, when he is not actually using (by not setting
  the xattr capability) capabilities with this application?
  
  If I'm wrong, maybe a warning or hint should be given that one has to
  grant cap_kill to xinit to come back to the console if the X session
  was started by xinit.
 
 Thanks - yes, I see (I tend to get lost in my testruns).  So we're back to
 trying to do the fix I was trying to do along with the SIGCONT fix a few
 weeks ago.
 
 The problem is that when you run a setuid binary, its pP and pE are
 fully raised.  The following patch fixes it for me.  Chris, does it fix
 your problem?

Yes, this patch fixes it for me, too.

Thanks,

Chris

  Andrew, am I again confusing myself and doing something
 unsafe?
 
 thanks,
 -serge
 
 From d0b931776c0c424e583bf736d6a2498be4eccb98 Mon Sep 17 00:00:00 2001
 From: Serge E. Hallyn [EMAIL PROTECTED]
 Date: Tue, 20 Nov 2007 08:47:35 +
 Subject: [PATCH 1/1] file capabilities: don't prevent signaling setuid root 
 programs.
 
 When an unprivileged user runs a setuid root program in !SECURE_NOROOT
 mode, fP, fI, and fE are set full on, so pP' and pE' are full on.
 Then cap_task_kill() prevents the user from signaling the setuid root
 task.  This is a change in behavior compared to when
 !CONFIG_SECURITY_FILE_CAPABILITIES.
 
 This patch introduces a special check into cap_task_kill() just
 to check whether a non-root user is signaling a setuid root
 program started by the same user.  If so, then signal is allowed.
 
 This still leaves open the question of whether we want to go back
 to allowing users to signal binaries owned by them which had
 file capabilities set.
 
 Signed-off-by: Serge E. Hallyn [EMAIL PROTECTED]
 ---
  security/commoncap.c |3 +++
  1 files changed, 3 insertions(+), 0 deletions(-)
 
 diff --git a/security/commoncap.c b/security/commoncap.c
 index 302e8d0..d20d0a6 100644
 --- a/security/commoncap.c
 +++ b/security/commoncap.c
 @@ -543,6 +543,9 @@ int cap_task_kill(struct task_struct *p, struct siginfo 
 *info,
   if (capable(CAP_KILL))
   return 0;
  
 + if (p-euid==0  p-uid==current-uid)
 + return 0;
 +
   return -EPERM;
  }
  #else
 -- 
 1.5.2.5



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

2007-11-20 Thread Chris Friedhoff

On Tue, 20 Nov 2007 16:51:21 -0600
Serge E. Hallyn [EMAIL PROTECTED] wrote:

 Quoting Chris Friedhoff ([EMAIL PROTECTED]):
  On Tue, 20 Nov 2007 08:51:06 -0600
  Serge E. Hallyn [EMAIL PROTECTED] wrote:
  
   Quoting Chris Friedhoff ([EMAIL PROTECTED]):
On Mon, 19 Nov 2007 17:16:44 -0600
Serge E. Hallyn [EMAIL PROTECTED] wrote:

 Quoting Chris Friedhoff ([EMAIL PROTECTED]):
  Hello Serge,
  
  just to let you know: with 2.6.24-rc3 I have the same problem.
 
 Ok, so here is the flow.
 
 First off, using runlevel 5 on FC7, using 'log out' correctly brings
 you back to a new login prompt.  Your problem is starting in runlevel
 3, and typing 'xinit .xinitrc';  when you exit your wm, xinit is not
 allowed to kill X so you don't get back to your console.

Yes, I'm booting in a runlevel without a session manager and starting
my X session with xinit.
(slackware: console-runlevel 3; sessionmanager-runlevel 4 )

 
 First comment is, as you point out on your homepage, you could
   setfcaps -c cap_kill+p -e /usr/bin/xinit
 Then xinit is allowed to kill X.  Yes xinit forks and execs a
 user-writable script, but of course upon the exec to start the script
 cap_kill is lost, so the user can't abuse this.
 
 Since you pointed this out on your homepage, I have to assume you've
 decided you don't want to give cap_kill to xinit?

No, since I'm using capabilities and I'm very happy with it, I grant
cap_kill to xinit. For myself the problem is solved ...

 
 My other question is - do we want to maintain this signal restriction?
 So long as a privileged process isn't dumpable, is it any more 
 dangerous
 for user hallyn to kill capability-raised process owned by hallyn than
 it is to kill a setuid process started by hallyn?  If we decide no, 
 then
 maybe we should remove cap_task_kill() as well as the 
 cap_task_setnice(),
 cap_task_setioprio(), cap_task_setscheduler()?
 
 Or maybe i've just forgotten a compelling scenario...
 
 thanks,
 -serge


... but if some user decides to configure capabilities into the 2.6.24
kernel or just uses such a kernel and
1) is not granting cap_kill to xinit, and
2) starts X by issuing xinit on the console
3) ends after some time his X session, to come back to the console

he will see a different behavior compared to 2.6.23 exiting his X
session and (I think) believes to have a bug in the X package.

Andrew Morton describes the problem here, too:
http://lkml.org/lkml/2006/11/23/15
http://lkml.org/lkml/2006/11/23/19

Am I wrong in the assumption, but should one not accept an unchanged
behavior with or without capabilities in the kernel regarding the
behavior of applications, when he is not actually using (by not setting
the xattr capability) capabilities with this application?

If I'm wrong, maybe a warning or hint should be given that one has to
grant cap_kill to xinit to come back to the console if the X session
was started by xinit.
   
   Thanks - yes, I see (I tend to get lost in my testruns).  So we're back to
   trying to do the fix I was trying to do along with the SIGCONT fix a few
   weeks ago.
   
   The problem is that when you run a setuid binary, its pP and pE are
   fully raised.  The following patch fixes it for me.  Chris, does it fix
   your problem?
  
  Yes, this patch fixes it for me, too.
  
  Thanks,
  
  Chris
 
 Thanks for the valuable testing and bugreports, Chris.

You're welcome!
Chris

 
 If I don't hear any counter-arguments I'll post the patch in its own
 thread tomorrow.
 
 -serge



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

2007-11-19 Thread Chris Friedhoff

dmesg output is added.

increasing CONFIG_BLK_DEV_RAM_SIZE from  to 131072 hasn't changed
the non-functioning of 2.6.24-rc3

s2disk works with 2.6.23.8 ; I tested 4 cycles in a row, 2 from console
and 2 from within X


Chris


On Mon, 19 Nov 2007 19:58:36 +0100
"Rafael J. Wysocki" <[EMAIL PROTECTED]> wrote:

> On Monday, 19 of November 2007, Chris Friedhoff wrote:
> > Hallo Rafael,
> > 
> > just to let you know: with 2.6.24-rc3 I have the same problem.
> 
> Thanks.
>  
> > On Sun, 11 Nov 2007 19:45:06 +0100
> > "Rafael J. Wysocki" <[EMAIL PROTECTED]> wrote:
> > 
> > > On Saturday, 10 of November 2007, Chris Friedhoff wrote:
> > > > please cc me, I'm not not subscribed to LKML
> > > > 
> > > > Hello,
> > > > 
> > > > with kernel 2.6.24-rc2 STD with s2disk suspends the system to disk, but
> > > > when I start the system and the suspended systemimage is loaded, it
> > > > fails to "activate" this suspended systemimage and continues after some
> > > > time with following the normal boot sequence.
> 
> Please add the dmesg output taken right after that as an attachment to the
> bugzilla entry at http://bugzilla.kernel.org/show_bug.cgi?id=9345
> 
> Thanks,
> Rafael



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

2007-11-19 Thread Chris Friedhoff

Hello Serge,

just to let you know: with 2.6.24-rc3 I have the same problem.

Chris


On Thu, 15 Nov 2007 23:02:27 +0100
Chris Friedhoff <[EMAIL PROTECTED]> wrote:

> No, the patch doesn't fix the problem.
> I still have the black screen with the cursor when I close the
> xsession, only the windowmanager is closed.
> consolemessage:
> xinit:  Operation not permitted (errno 1): Can't kill X server
> kernel has capabilities, xinit has no caps granted.
> 
> Chris
> 
> 
> > I'm setting up a vm to play with this.  Will look into it.
> > 
> > Oh, looking at a few branches, I see that the patch for bug# 9247
> > (on bugzilla.kernel.org) isn't in 2.6.24-rc2 yet.  Can you check
> > whether the following patch fixes it?
> > 
> > thanks,
> > -serge
> > 
> > >From 347faf5852644b91632813885784104f4cdb640a Mon Sep 17 00:00:00 2001
> > From: Serge E. Hallyn <[EMAIL PROTECTED]>
> > Date: Wed, 14 Nov 2007 13:00:52 -0500
> > Subject: [PATCH 1/1] file capabilities: allow sigcont within session 
> > (v2.6.24-rc2)
> > 
> > Allow sigcont to be sent to a process with greater capabilities
> > if it is in the same session.  Otherwise, a shell from which
> > I've started a root shell and done 'suspend' can't be restarted
> > by the parent shell.
> > 
> > (this patch against v2.6.24-rc2)
> > 
> > Signed-off-by: Serge E. Hallyn <[EMAIL PROTECTED]>
> > ---
> >  security/commoncap.c |2 ++
> >  1 files changed, 2 insertions(+), 0 deletions(-)
> > 
> > diff --git a/security/commoncap.c b/security/commoncap.c
> > index bf67871..c9f6867 100644
> > --- a/security/commoncap.c
> > +++ b/security/commoncap.c
> > @@ -534,6 +534,8 @@ int cap_task_kill(struct task_struct *p, struct siginfo 
> > *info,
> >  * Used only by usb drivers?
> >  */
> > return 0;
> > +   if (sig == SIGCONT && (task_session_nr(current)==task_session_nr(p)))
> > +   return 0;
> > if (cap_issubset(p->cap_permitted, current->cap_permitted))
> > return 0;
> > if (capable(CAP_KILL))
> > -- 
> > 1.5.1.1.GIT
> 
> 
> 
> Chris Friedhoff
> [EMAIL PROTECTED]



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

2007-11-19 Thread Chris Friedhoff

Hallo Rafael,

just to let you know: with 2.6.24-rc3 I have the same problem.

Chris


On Sun, 11 Nov 2007 19:45:06 +0100
"Rafael J. Wysocki" <[EMAIL PROTECTED]> wrote:

> On Saturday, 10 of November 2007, Chris Friedhoff wrote:
> > please cc me, I'm not not subscribed to LKML
> > 
> > Hello,
> > 
> > with kernel 2.6.24-rc2 STD with s2disk suspends the system to disk, but
> > when I start the system and the suspended systemimage is loaded, it
> > fails to "activate" this suspended systemimage and continues after some
> > time with following the normal boot sequence.
> > 
> > I can sucessfully STD the system with the following sequence
> >   echo platform > /sys/power/disk
> >   echo disk > /sys/power/state
> > and when I start the laptop the suspended system is sucessfully
> > restored.
> > 
> > Both behaviors are reliable reproducable.
> 
> Thanks for the report.
> 
> > googling for >"Freezing of tasks failed" swapper< brought
> > "Nigel Cunningham - PID namespaces break initrd+hibernate combination?"
> > http://lkml.org/lkml/2007/11/4/140
> 
> Yes, this looks similarly.
> 
> > dmesg output:
> > <>
> > RAMDISK: ext2 filesystem found at block 0
> > RAMDISK: Loading 2000KiB [1 disk] into ram disk... done.
> > EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
> > VFS: Mounted root (ext2 filesystem).
> > swsusp: Marking nosave pages: 0009f000 - 0010
> > swsusp: Basic memory bitmaps created
> > Clocksource tsc unstable (delta = -128791628 ns)
> > Syncing filesystems ... done.
> > Freezing user space processes ... (elapsed 0.00 seconds) done.
> > Freezing remaining freezable tasks ... 
> > Freezing of tasks failed after 20.00 seconds (1 tasks refusing to
> > freeze): taskPC stack   pid father
> > swapper   S c1835a88 0 1  0
> > 0046 c0118c80 c1835a88 0004 0001 c011e875
> > 0286 c01025a6   c1835b64   c1835a90
> > 0001     007b  c1835a90
> > c0118c80 Call Trace:
> >  [] default_wake_function+0x0/0x10
> >  [] do_wait+0x335/0xac0
> >  [] kernel_thread+0x96/0xb0
> >  [] default_wake_function+0x0/0x10
> >  [] sys_wait4+0x31/0x40
> >  [] initrd_load+0x1b3/0x3a0
> >  [] prepare_namespace+0x98/0x1b0
> >  [] sys_access+0x1f/0x30
> >  [] kernel_init+0x166/0x260
> >  [] ret_from_fork+0x6/0x1c
> >  [] kernel_init+0x0/0x260
> >  [] kernel_init+0x0/0x260
> >  [] kernel_thread_helper+0x7/0x18
> >  ===
> > kthreadd  S 038f 0 2  0
> > 0046 c0487790 038f c183ff1c  c012d81b
> > c012d7b0   c0104b8f    
> >   
> > Call Trace:
> >  [] kthreadd+0x6b/0xd0
> >  [] kthreadd+0x0/0xd0
> >  [] kernel_thread_helper+0x7/0x18
> >  ===
> > ksoftirqd/0   S  0 3  2
> > 0046 fffc  c0120f00  c0120f7a
> > c012d782 c012d740   c0104b8f c183ff3c  
> >    
> > Call Trace:
> >  [] ksoftirqd+0x0/0x80
> >  [] ksoftirqd+0x7a/0x80
> >  [] kthread+0x42/0x70
> >  [] kthread+0x0/0x70
> >  [] kernel_thread_helper+0x7/0x18
> > 
> > <>
> 
> Can you please attach your kernel configuration file to the bugzilla entry
> at http://bugzilla.kernel.org/show_bug.cgi?id=9345 ?
> 
> Thanks,
> Rafael



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

2007-11-19 Thread Chris Friedhoff

Hello Serge,

just to let you know: with 2.6.24-rc3 I have the same problem.

Chris


On Thu, 15 Nov 2007 23:02:27 +0100
Chris Friedhoff [EMAIL PROTECTED] wrote:

 No, the patch doesn't fix the problem.
 I still have the black screen with the cursor when I close the
 xsession, only the windowmanager is closed.
 consolemessage:
 xinit:  Operation not permitted (errno 1): Can't kill X server
 kernel has capabilities, xinit has no caps granted.
 
 Chris
 
 
  I'm setting up a vm to play with this.  Will look into it.
  
  Oh, looking at a few branches, I see that the patch for bug# 9247
  (on bugzilla.kernel.org) isn't in 2.6.24-rc2 yet.  Can you check
  whether the following patch fixes it?
  
  thanks,
  -serge
  
  From 347faf5852644b91632813885784104f4cdb640a Mon Sep 17 00:00:00 2001
  From: Serge E. Hallyn [EMAIL PROTECTED]
  Date: Wed, 14 Nov 2007 13:00:52 -0500
  Subject: [PATCH 1/1] file capabilities: allow sigcont within session 
  (v2.6.24-rc2)
  
  Allow sigcont to be sent to a process with greater capabilities
  if it is in the same session.  Otherwise, a shell from which
  I've started a root shell and done 'suspend' can't be restarted
  by the parent shell.
  
  (this patch against v2.6.24-rc2)
  
  Signed-off-by: Serge E. Hallyn [EMAIL PROTECTED]
  ---
   security/commoncap.c |2 ++
   1 files changed, 2 insertions(+), 0 deletions(-)
  
  diff --git a/security/commoncap.c b/security/commoncap.c
  index bf67871..c9f6867 100644
  --- a/security/commoncap.c
  +++ b/security/commoncap.c
  @@ -534,6 +534,8 @@ int cap_task_kill(struct task_struct *p, struct siginfo 
  *info,
   * Used only by usb drivers?
   */
  return 0;
  +   if (sig == SIGCONT  (task_session_nr(current)==task_session_nr(p)))
  +   return 0;
  if (cap_issubset(p-cap_permitted, current-cap_permitted))
  return 0;
  if (capable(CAP_KILL))
  -- 
  1.5.1.1.GIT
 
 
 
 Chris Friedhoff
 [EMAIL PROTECTED]



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

2007-11-19 Thread Chris Friedhoff

Hallo Rafael,

just to let you know: with 2.6.24-rc3 I have the same problem.

Chris


On Sun, 11 Nov 2007 19:45:06 +0100
Rafael J. Wysocki [EMAIL PROTECTED] wrote:

 On Saturday, 10 of November 2007, Chris Friedhoff wrote:
  please cc me, I'm not not subscribed to LKML
  
  Hello,
  
  with kernel 2.6.24-rc2 STD with s2disk suspends the system to disk, but
  when I start the system and the suspended systemimage is loaded, it
  fails to activate this suspended systemimage and continues after some
  time with following the normal boot sequence.
  
  I can sucessfully STD the system with the following sequence
echo platform  /sys/power/disk
echo disk  /sys/power/state
  and when I start the laptop the suspended system is sucessfully
  restored.
  
  Both behaviors are reliable reproducable.
 
 Thanks for the report.
 
  googling for Freezing of tasks failed swapper brought
  Nigel Cunningham - PID namespaces break initrd+hibernate combination?
  http://lkml.org/lkml/2007/11/4/140
 
 Yes, this looks similarly.
 
  dmesg output:
  snip
  RAMDISK: ext2 filesystem found at block 0
  RAMDISK: Loading 2000KiB [1 disk] into ram disk... done.
  EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
  VFS: Mounted root (ext2 filesystem).
  swsusp: Marking nosave pages: 0009f000 - 0010
  swsusp: Basic memory bitmaps created
  Clocksource tsc unstable (delta = -128791628 ns)
  Syncing filesystems ... done.
  Freezing user space processes ... (elapsed 0.00 seconds) done.
  Freezing remaining freezable tasks ... 
  Freezing of tasks failed after 20.00 seconds (1 tasks refusing to
  freeze): taskPC stack   pid father
  swapper   S c1835a88 0 1  0
  0046 c0118c80 c1835a88 0004 0001 c011e875
  0286 c01025a6   c1835b64   c1835a90
  0001     007b  c1835a90
  c0118c80 Call Trace:
   [c0118c80] default_wake_function+0x0/0x10
   [c011e875] do_wait+0x335/0xac0
   [c01025a6] kernel_thread+0x96/0xb0
   [c0118c80] default_wake_function+0x0/0x10
   [c011f031] sys_wait4+0x31/0x40
   [c04b7a23] initrd_load+0x1b3/0x3a0
   [c04b5108] prepare_namespace+0x98/0x1b0
   [c016090f] sys_access+0x1f/0x30
   [c04b47c6] kernel_init+0x166/0x260
   [c0103f4a] ret_from_fork+0x6/0x1c
   [c04b4660] kernel_init+0x0/0x260
   [c04b4660] kernel_init+0x0/0x260
   [c0104b8f] kernel_thread_helper+0x7/0x18
   ===
  kthreadd  S 038f 0 2  0
  0046 c0487790 038f c183ff1c  c012d81b
  c012d7b0   c0104b8f    
    
  Call Trace:
   [c012d81b] kthreadd+0x6b/0xd0
   [c012d7b0] kthreadd+0x0/0xd0
   [c0104b8f] kernel_thread_helper+0x7/0x18
   ===
  ksoftirqd/0   S  0 3  2
  0046 fffc  c0120f00  c0120f7a
  c012d782 c012d740   c0104b8f c183ff3c  
     
  Call Trace:
   [c0120f00] ksoftirqd+0x0/0x80
   [c0120f7a] ksoftirqd+0x7a/0x80
   [c012d782] kthread+0x42/0x70
   [c012d740] kthread+0x0/0x70
   [c0104b8f] kernel_thread_helper+0x7/0x18
  
  snip
 
 Can you please attach your kernel configuration file to the bugzilla entry
 at http://bugzilla.kernel.org/show_bug.cgi?id=9345 ?
 
 Thanks,
 Rafael



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

2007-11-19 Thread Chris Friedhoff

dmesg output is added.

increasing CONFIG_BLK_DEV_RAM_SIZE from  to 131072 hasn't changed
the non-functioning of 2.6.24-rc3

s2disk works with 2.6.23.8 ; I tested 4 cycles in a row, 2 from console
and 2 from within X


Chris


On Mon, 19 Nov 2007 19:58:36 +0100
Rafael J. Wysocki [EMAIL PROTECTED] wrote:

 On Monday, 19 of November 2007, Chris Friedhoff wrote:
  Hallo Rafael,
  
  just to let you know: with 2.6.24-rc3 I have the same problem.
 
 Thanks.
  
  On Sun, 11 Nov 2007 19:45:06 +0100
  Rafael J. Wysocki [EMAIL PROTECTED] wrote:
  
   On Saturday, 10 of November 2007, Chris Friedhoff wrote:
please cc me, I'm not not subscribed to LKML

Hello,

with kernel 2.6.24-rc2 STD with s2disk suspends the system to disk, but
when I start the system and the suspended systemimage is loaded, it
fails to activate this suspended systemimage and continues after some
time with following the normal boot sequence.
 
 Please add the dmesg output taken right after that as an attachment to the
 bugzilla entry at http://bugzilla.kernel.org/show_bug.cgi?id=9345
 
 Thanks,
 Rafael



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: Posix file capabilities in 2.6.24rc2

2007-11-15 Thread Chris Friedhoff

No, the patch doesn't fix the problem.
I still have the black screen with the cursor when I close the
xsession, only the windowmanager is closed.
consolemessage:
xinit:  Operation not permitted (errno 1): Can't kill X server
kernel has capabilities, xinit has no caps granted.

Chris


> I'm setting up a vm to play with this.  Will look into it.
> 
> Oh, looking at a few branches, I see that the patch for bug# 9247
> (on bugzilla.kernel.org) isn't in 2.6.24-rc2 yet.  Can you check
> whether the following patch fixes it?
> 
> thanks,
> -serge
> 
> >From 347faf5852644b91632813885784104f4cdb640a Mon Sep 17 00:00:00 2001
> From: Serge E. Hallyn <[EMAIL PROTECTED]>
> Date: Wed, 14 Nov 2007 13:00:52 -0500
> Subject: [PATCH 1/1] file capabilities: allow sigcont within session 
> (v2.6.24-rc2)
> 
> Allow sigcont to be sent to a process with greater capabilities
> if it is in the same session.  Otherwise, a shell from which
> I've started a root shell and done 'suspend' can't be restarted
> by the parent shell.
> 
> (this patch against v2.6.24-rc2)
> 
> Signed-off-by: Serge E. Hallyn <[EMAIL PROTECTED]>
> ---
>  security/commoncap.c |2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/security/commoncap.c b/security/commoncap.c
> index bf67871..c9f6867 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -534,6 +534,8 @@ int cap_task_kill(struct task_struct *p, struct siginfo 
> *info,
>* Used only by usb drivers?
>*/
>   return 0;
> + if (sig == SIGCONT && (task_session_nr(current)==task_session_nr(p)))
> + return 0;
>   if (cap_issubset(p->cap_permitted, current->cap_permitted))
>   return 0;
>   if (capable(CAP_KILL))
> -- 
> 1.5.1.1.GIT



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: Posix file capabilities in 2.6.24rc2

2007-11-15 Thread Chris Friedhoff

No, the patch doesn't fix the problem.
I still have the black screen with the cursor when I close the
xsession, only the windowmanager is closed.
consolemessage:
xinit:  Operation not permitted (errno 1): Can't kill X server
kernel has capabilities, xinit has no caps granted.

Chris


 I'm setting up a vm to play with this.  Will look into it.
 
 Oh, looking at a few branches, I see that the patch for bug# 9247
 (on bugzilla.kernel.org) isn't in 2.6.24-rc2 yet.  Can you check
 whether the following patch fixes it?
 
 thanks,
 -serge
 
 From 347faf5852644b91632813885784104f4cdb640a Mon Sep 17 00:00:00 2001
 From: Serge E. Hallyn [EMAIL PROTECTED]
 Date: Wed, 14 Nov 2007 13:00:52 -0500
 Subject: [PATCH 1/1] file capabilities: allow sigcont within session 
 (v2.6.24-rc2)
 
 Allow sigcont to be sent to a process with greater capabilities
 if it is in the same session.  Otherwise, a shell from which
 I've started a root shell and done 'suspend' can't be restarted
 by the parent shell.
 
 (this patch against v2.6.24-rc2)
 
 Signed-off-by: Serge E. Hallyn [EMAIL PROTECTED]
 ---
  security/commoncap.c |2 ++
  1 files changed, 2 insertions(+), 0 deletions(-)
 
 diff --git a/security/commoncap.c b/security/commoncap.c
 index bf67871..c9f6867 100644
 --- a/security/commoncap.c
 +++ b/security/commoncap.c
 @@ -534,6 +534,8 @@ int cap_task_kill(struct task_struct *p, struct siginfo 
 *info,
* Used only by usb drivers?
*/
   return 0;
 + if (sig == SIGCONT  (task_session_nr(current)==task_session_nr(p)))
 + return 0;
   if (cap_issubset(p-cap_permitted, current-cap_permitted))
   return 0;
   if (capable(CAP_KILL))
 -- 
 1.5.1.1.GIT



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: Posix file capabilities in 2.6.24rc2

2007-11-14 Thread Chris Friedhoff

Hello Serge,

I wanted only to express what I observed.

A "yes it should" confirms its ok.

And yes, I haven't looked into the patches and the name and commentary
of file-capabilities-clear-fcaps-on-inode-change.patch explains this
already.
I'm preparing to update my page http://www.friedhoff.org/fscaps.html
for 2.6.24, and I also want to explain what one has to take into account
or be beware off. If I stumble about this, I think others will also
(imho).

I have written a script to change suid binaries and servers,
automating the examples I give on the webpage.
In the sequence of commands I was setting fscaps and than chown the
binary. Now with the aforementioned patch the fscaps are removed when
I chown and the script wasn't working anymore. My point is not my
script, it's being surprised and being a bit at a loss. Documenting
this helps to clarify things and users to adopt this feature.

The matter with "xinit:  Operation not permitted..." happens, when I
(unprivileged user) close a from a console started X session. Similar to
Andrew Morton'S http://lkml.org/lkml/2006/11/23/15 . The 2.6.24-rc2
kernel has capabilties enabled but /usr/bin/xinit has no capabilities
set. It remains the black screen with a cursor, the windowmanager is
closed. Is this known? Is this a problem? Does anyone else observes
this?
As far as I understand, I dont have to grant / to use capabilities even
when the kernel has capabilities enabled.

Chris

On Tue, 13 Nov 2007 17:53:18 -0600
"Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:

> Quoting Chris Friedhoff ([EMAIL PROTECTED]):
> > Hello,
> > 
> > everything works as expected, but ...
> > 
> > closing X and no capabilities set for xinit does shutdown only the
> > windowmanager and not the X server (Xorg server 1.4)
> > Consolemessage is:
> > xinit:  Operation not permitted (errno 1): Can't kill X server
> > 
> > 
> > the xattr capability is removed, when the file is chown'ed.
> 
> Hi Chris,
> 
> yes on chown the capability is removed.  I'm not quite sure what
> you're asking?  Is your setup depending on being able to chown
> while keeping file capabilities?  Can you give some more details?
> 
> thanks,
> -serge

Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: Posix file capabilities in 2.6.24rc2

2007-11-14 Thread Chris Friedhoff

Hello Serge,

I wanted only to express what I observed.

A yes it should confirms its ok.

And yes, I haven't looked into the patches and the name and commentary
of file-capabilities-clear-fcaps-on-inode-change.patch explains this
already.
I'm preparing to update my page http://www.friedhoff.org/fscaps.html
for 2.6.24, and I also want to explain what one has to take into account
or be beware off. If I stumble about this, I think others will also
(imho).

I have written a script to change suid binaries and servers,
automating the examples I give on the webpage.
In the sequence of commands I was setting fscaps and than chown the
binary. Now with the aforementioned patch the fscaps are removed when
I chown and the script wasn't working anymore. My point is not my
script, it's being surprised and being a bit at a loss. Documenting
this helps to clarify things and users to adopt this feature.


The matter with xinit:  Operation not permitted... happens, when I
(unprivileged user) close a from a console started X session. Similar to
Andrew Morton'S http://lkml.org/lkml/2006/11/23/15 . The 2.6.24-rc2
kernel has capabilties enabled but /usr/bin/xinit has no capabilities
set. It remains the black screen with a cursor, the windowmanager is
closed. Is this known? Is this a problem? Does anyone else observes
this?
As far as I understand, I dont have to grant / to use capabilities even
when the kernel has capabilities enabled.


Chris


On Tue, 13 Nov 2007 17:53:18 -0600
Serge E. Hallyn [EMAIL PROTECTED] wrote:

 Quoting Chris Friedhoff ([EMAIL PROTECTED]):
  Hello,
  
  everything works as expected, but ...
  
  closing X and no capabilities set for xinit does shutdown only the
  windowmanager and not the X server (Xorg server 1.4)
  Consolemessage is:
  xinit:  Operation not permitted (errno 1): Can't kill X server
  
  
  the xattr capability is removed, when the file is chown'ed.
 
 Hi Chris,
 
 yes on chown the capability is removed.  I'm not quite sure what
 you're asking?  Is your setup depending on being able to chown
 while keeping file capabilities?  Can you give some more details?
 
 thanks,
 -serge



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Posix file capabilities in 2.6.24rc2

2007-11-13 Thread Chris Friedhoff

Hello,

everything works as expected, but ...

closing X and no capabilities set for xinit does shutdown only the
windowmanager and not the X server (Xorg server 1.4)
Consolemessage is:
xinit:  Operation not permitted (errno 1): Can't kill X server


the xattr capability is removed, when the file is chown'ed.


Chris

Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Posix file capabilities in 2.6.24rc2

2007-11-13 Thread Chris Friedhoff

Hello,

everything works as expected, but ...

closing X and no capabilities set for xinit does shutdown only the
windowmanager and not the X server (Xorg server 1.4)
Consolemessage is:
xinit:  Operation not permitted (errno 1): Can't kill X server


the xattr capability is removed, when the file is chown'ed.


Chris

Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading

2007-11-11 Thread Chris Friedhoff

kernel config attached to comment#2 for bugreport 9345
s2disk comes from suspend-0.7 package

Thanks,
Chris

On Sun, 11 Nov 2007 19:45:06 +0100
"Rafael J. Wysocki" <[EMAIL PROTECTED]> wrote:

> On Saturday, 10 of November 2007, Chris Friedhoff wrote:
> > please cc me, I'm not not subscribed to LKML
> > 
> > Hello,
> > 
> > with kernel 2.6.24-rc2 STD with s2disk suspends the system to disk, but
> > when I start the system and the suspended systemimage is loaded, it
> > fails to "activate" this suspended systemimage and continues after some
> > time with following the normal boot sequence.
> > 
> > I can sucessfully STD the system with the following sequence
> >   echo platform > /sys/power/disk
> >   echo disk > /sys/power/state
> > and when I start the laptop the suspended system is sucessfully
> > restored.
> > 
> > Both behaviors are reliable reproducable.
> 
> Thanks for the report.
> 
> > googling for >"Freezing of tasks failed" swapper< brought
> > "Nigel Cunningham - PID namespaces break initrd+hibernate combination?"
> > http://lkml.org/lkml/2007/11/4/140
> 
> Yes, this looks similarly.
> 
> > dmesg output:
> > <>
> > RAMDISK: ext2 filesystem found at block 0
> > RAMDISK: Loading 2000KiB [1 disk] into ram disk... done.
> > EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
> > VFS: Mounted root (ext2 filesystem).
> > swsusp: Marking nosave pages: 0009f000 - 0010
> > swsusp: Basic memory bitmaps created
> > Clocksource tsc unstable (delta = -128791628 ns)
> > Syncing filesystems ... done.
> > Freezing user space processes ... (elapsed 0.00 seconds) done.
> > Freezing remaining freezable tasks ... 
> > Freezing of tasks failed after 20.00 seconds (1 tasks refusing to
> > freeze): taskPC stack   pid father
> > swapper   S c1835a88 0 1  0
> > 0046 c0118c80 c1835a88 0004 0001 c011e875
> > 0286 c01025a6   c1835b64   c1835a90
> > 0001     007b  c1835a90
> > c0118c80 Call Trace:
> >  [] default_wake_function+0x0/0x10
> >  [] do_wait+0x335/0xac0
> >  [] kernel_thread+0x96/0xb0
> >  [] default_wake_function+0x0/0x10
> >  [] sys_wait4+0x31/0x40
> >  [] initrd_load+0x1b3/0x3a0
> >  [] prepare_namespace+0x98/0x1b0
> >  [] sys_access+0x1f/0x30
> >  [] kernel_init+0x166/0x260
> >  [] ret_from_fork+0x6/0x1c
> >  [] kernel_init+0x0/0x260
> >  [] kernel_init+0x0/0x260
> >  [] kernel_thread_helper+0x7/0x18
> >  ===
> > kthreadd  S 038f 0 2  0
> > 0046 c0487790 038f c183ff1c  c012d81b
> > c012d7b0   c0104b8f    
> >   
> > Call Trace:
> >  [] kthreadd+0x6b/0xd0
> >  [] kthreadd+0x0/0xd0
> >  [] kernel_thread_helper+0x7/0x18
> >  ===
> > ksoftirqd/0   S  0 3  2
> > 0046 fffc  c0120f00  c0120f7a
> > c012d782 c012d740   c0104b8f c183ff3c  
> >    
> > Call Trace:
> >  [] ksoftirqd+0x0/0x80
> >  [] ksoftirqd+0x7a/0x80
> >  [] kthread+0x42/0x70
> >  [] kthread+0x0/0x70
> >  [] kernel_thread_helper+0x7/0x18
> > 
> > <>
> 
> Can you please attach your kernel configuration file to the bugzilla entry
> at http://bugzilla.kernel.org/show_bug.cgi?id=9345 ?
> 
> Thanks,
> Rafael



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading

2007-11-11 Thread Chris Friedhoff

kernel config attached to comment#2 for bugreport 9345
s2disk comes from suspend-0.7 package

Thanks,
Chris

On Sun, 11 Nov 2007 19:45:06 +0100
Rafael J. Wysocki [EMAIL PROTECTED] wrote:

 On Saturday, 10 of November 2007, Chris Friedhoff wrote:
  please cc me, I'm not not subscribed to LKML
  
  Hello,
  
  with kernel 2.6.24-rc2 STD with s2disk suspends the system to disk, but
  when I start the system and the suspended systemimage is loaded, it
  fails to activate this suspended systemimage and continues after some
  time with following the normal boot sequence.
  
  I can sucessfully STD the system with the following sequence
echo platform  /sys/power/disk
echo disk  /sys/power/state
  and when I start the laptop the suspended system is sucessfully
  restored.
  
  Both behaviors are reliable reproducable.
 
 Thanks for the report.
 
  googling for Freezing of tasks failed swapper brought
  Nigel Cunningham - PID namespaces break initrd+hibernate combination?
  http://lkml.org/lkml/2007/11/4/140
 
 Yes, this looks similarly.
 
  dmesg output:
  snip
  RAMDISK: ext2 filesystem found at block 0
  RAMDISK: Loading 2000KiB [1 disk] into ram disk... done.
  EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
  VFS: Mounted root (ext2 filesystem).
  swsusp: Marking nosave pages: 0009f000 - 0010
  swsusp: Basic memory bitmaps created
  Clocksource tsc unstable (delta = -128791628 ns)
  Syncing filesystems ... done.
  Freezing user space processes ... (elapsed 0.00 seconds) done.
  Freezing remaining freezable tasks ... 
  Freezing of tasks failed after 20.00 seconds (1 tasks refusing to
  freeze): taskPC stack   pid father
  swapper   S c1835a88 0 1  0
  0046 c0118c80 c1835a88 0004 0001 c011e875
  0286 c01025a6   c1835b64   c1835a90
  0001     007b  c1835a90
  c0118c80 Call Trace:
   [c0118c80] default_wake_function+0x0/0x10
   [c011e875] do_wait+0x335/0xac0
   [c01025a6] kernel_thread+0x96/0xb0
   [c0118c80] default_wake_function+0x0/0x10
   [c011f031] sys_wait4+0x31/0x40
   [c04b7a23] initrd_load+0x1b3/0x3a0
   [c04b5108] prepare_namespace+0x98/0x1b0
   [c016090f] sys_access+0x1f/0x30
   [c04b47c6] kernel_init+0x166/0x260
   [c0103f4a] ret_from_fork+0x6/0x1c
   [c04b4660] kernel_init+0x0/0x260
   [c04b4660] kernel_init+0x0/0x260
   [c0104b8f] kernel_thread_helper+0x7/0x18
   ===
  kthreadd  S 038f 0 2  0
  0046 c0487790 038f c183ff1c  c012d81b
  c012d7b0   c0104b8f    
    
  Call Trace:
   [c012d81b] kthreadd+0x6b/0xd0
   [c012d7b0] kthreadd+0x0/0xd0
   [c0104b8f] kernel_thread_helper+0x7/0x18
   ===
  ksoftirqd/0   S  0 3  2
  0046 fffc  c0120f00  c0120f7a
  c012d782 c012d740   c0104b8f c183ff3c  
     
  Call Trace:
   [c0120f00] ksoftirqd+0x0/0x80
   [c0120f7a] ksoftirqd+0x7a/0x80
   [c012d782] kthread+0x42/0x70
   [c012d740] kthread+0x0/0x70
   [c0104b8f] kernel_thread_helper+0x7/0x18
  
  snip
 
 Can you please attach your kernel configuration file to the bugzilla entry
 at http://bugzilla.kernel.org/show_bug.cgi?id=9345 ?
 
 Thanks,
 Rafael



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

2.6.24-rc2 STD with s2disk fails to activate suspended system after loading

2007-11-10 Thread Chris Friedhoff

please cc me, I'm not not subscribed to LKML

Hello,

with kernel 2.6.24-rc2 STD with s2disk suspends the system to disk, but
when I start the system and the suspended systemimage is loaded, it
fails to "activate" this suspended systemimage and continues after some
time with following the normal boot sequence.

I can sucessfully STD the system with the following sequence
  echo platform > /sys/power/disk
  echo disk > /sys/power/state
and when I start the laptop the suspended system is sucessfully
restored.

Both behaviors are reliable reproducable.

googling for >"Freezing of tasks failed" swapper< brought
"Nigel Cunningham - PID namespaces break initrd+hibernate combination?"
http://lkml.org/lkml/2007/11/4/140

dmesg output:
<>
RAMDISK: ext2 filesystem found at block 0
RAMDISK: Loading 2000KiB [1 disk] into ram disk... done.
EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
VFS: Mounted root (ext2 filesystem).
swsusp: Marking nosave pages: 0009f000 - 0010
swsusp: Basic memory bitmaps created
Clocksource tsc unstable (delta = -128791628 ns)
Syncing filesystems ... done.
Freezing user space processes ... (elapsed 0.00 seconds) done.
Freezing remaining freezable tasks ... 
Freezing of tasks failed after 20.00 seconds (1 tasks refusing to
freeze): taskPC stack   pid father
swapper   S c1835a88 0 1  0
    0046 c0118c80 c1835a88 0004 0001 c011e875
0286 c01025a6   c1835b64   c1835a90
0001     007b  c1835a90
c0118c80 Call Trace:
 [] default_wake_function+0x0/0x10
 [] do_wait+0x335/0xac0
 [] kernel_thread+0x96/0xb0
 [] default_wake_function+0x0/0x10
 [] sys_wait4+0x31/0x40
 [] initrd_load+0x1b3/0x3a0
 [] prepare_namespace+0x98/0x1b0
 [] sys_access+0x1f/0x30
 [] kernel_init+0x166/0x260
 [] ret_from_fork+0x6/0x1c
 [] kernel_init+0x0/0x260
 [] kernel_init+0x0/0x260
 [] kernel_thread_helper+0x7/0x18
 ===
kthreadd  S 038f 0 2  0
    0046 c0487790 038f c183ff1c  c012d81b
c012d7b0   c0104b8f    
  
Call Trace:
 [] kthreadd+0x6b/0xd0
 [] kthreadd+0x0/0xd0
 [] kernel_thread_helper+0x7/0x18
 ===
ksoftirqd/0   S  0 3  2
    0046 fffc  c0120f00  c0120f7a
c012d782 c012d740   c0104b8f c183ff3c  
   
Call Trace:
 [] ksoftirqd+0x0/0x80
 [] ksoftirqd+0x7a/0x80
 [] kthread+0x42/0x70
 [] kthread+0x0/0x70
 [] kernel_thread_helper+0x7/0x18

<>


Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

2.6.24-rc2 STD with s2disk fails to activate suspended system after loading

2007-11-10 Thread Chris Friedhoff

please cc me, I'm not not subscribed to LKML

Hello,

with kernel 2.6.24-rc2 STD with s2disk suspends the system to disk, but
when I start the system and the suspended systemimage is loaded, it
fails to activate this suspended systemimage and continues after some
time with following the normal boot sequence.

I can sucessfully STD the system with the following sequence
  echo platform  /sys/power/disk
  echo disk  /sys/power/state
and when I start the laptop the suspended system is sucessfully
restored.

Both behaviors are reliable reproducable.

googling for Freezing of tasks failed swapper brought
Nigel Cunningham - PID namespaces break initrd+hibernate combination?
http://lkml.org/lkml/2007/11/4/140

dmesg output:
snip
RAMDISK: ext2 filesystem found at block 0
RAMDISK: Loading 2000KiB [1 disk] into ram disk... done.
EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
VFS: Mounted root (ext2 filesystem).
swsusp: Marking nosave pages: 0009f000 - 0010
swsusp: Basic memory bitmaps created
Clocksource tsc unstable (delta = -128791628 ns)
Syncing filesystems ... done.
Freezing user space processes ... (elapsed 0.00 seconds) done.
Freezing remaining freezable tasks ... 
Freezing of tasks failed after 20.00 seconds (1 tasks refusing to
freeze): taskPC stack   pid father
swapper   S c1835a88 0 1  0
    0046 c0118c80 c1835a88 0004 0001 c011e875
0286 c01025a6   c1835b64   c1835a90
0001     007b  c1835a90
c0118c80 Call Trace:
 [c0118c80] default_wake_function+0x0/0x10
 [c011e875] do_wait+0x335/0xac0
 [c01025a6] kernel_thread+0x96/0xb0
 [c0118c80] default_wake_function+0x0/0x10
 [c011f031] sys_wait4+0x31/0x40
 [c04b7a23] initrd_load+0x1b3/0x3a0
 [c04b5108] prepare_namespace+0x98/0x1b0
 [c016090f] sys_access+0x1f/0x30
 [c04b47c6] kernel_init+0x166/0x260
 [c0103f4a] ret_from_fork+0x6/0x1c
 [c04b4660] kernel_init+0x0/0x260
 [c04b4660] kernel_init+0x0/0x260
 [c0104b8f] kernel_thread_helper+0x7/0x18
 ===
kthreadd  S 038f 0 2  0
    0046 c0487790 038f c183ff1c  c012d81b
c012d7b0   c0104b8f    
  
Call Trace:
 [c012d81b] kthreadd+0x6b/0xd0
 [c012d7b0] kthreadd+0x0/0xd0
 [c0104b8f] kernel_thread_helper+0x7/0x18
 ===
ksoftirqd/0   S  0 3  2
    0046 fffc  c0120f00  c0120f7a
c012d782 c012d740   c0104b8f c183ff3c  
   
Call Trace:
 [c0120f00] ksoftirqd+0x0/0x80
 [c0120f7a] ksoftirqd+0x7a/0x80
 [c012d782] kthread+0x42/0x70
 [c012d740] kthread+0x0/0x70
 [c0104b8f] kernel_thread_helper+0x7/0x18

snip


Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] Implement file posix capabilities

2006-11-29 Thread Chris Friedhoff

I use this patch with 2.6.18.3.
patching: ok
configuring: ok
compiling: ok
installing: ok
running: ok
tested with httpd, smbd, nmbd, named, cupsd, ping, traceroute,
modprobe, traceroute, ntpdate, xinit, killall, eject, dhcpd, route,
qemu: ok
I use this patch as documented: http://www.friedhoff.org/fscaps.html

I also tested the patched kernel with "CONFIG_SECURITY_FS_CAPABILITIES
is not set" and xinit kills X perfectly, when the GUI is stopped.

Any other tests that might be helpful?

The webpage is updated.

Chris

On Mon, 27 Nov 2006 11:07:40 -0600
"Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:

> From: Serge E. Hallyn <[EMAIL PROTECTED]>
> Subject: [PATCH 1/1] Implement file posix capabilities
> 
> Implement file posix capabilities.  This allows programs to be given a
> subset of root's powers regardless of who runs them, without having to use
> setuid and giving the binary all of root's powers.
> 
> This version works with Kaigai Kohei's userspace tools, found at
> http://www.kaigai.gr.jp/index.php.  For more information on how to use this
> patch, Chris Friedhoff has posted a nice page at
> http://www.friedhoff.org/fscaps.html.
> 
> Changelog:
>   Nov 27:
>   Incorporate fixes from Andrew Morton
>   (security-introduce-file-caps-tweaks and
>   security-introduce-file-caps-warning-fix)
>   Fix Kconfig dependency.
>   Fix change signaling behavior when file caps are not compiled in.

- snip -

Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] Implement file posix capabilities

2006-11-29 Thread Chris Friedhoff

I use this patch with 2.6.18.3.
patching: ok
configuring: ok
compiling: ok
installing: ok
running: ok
tested with httpd, smbd, nmbd, named, cupsd, ping, traceroute,
modprobe, traceroute, ntpdate, xinit, killall, eject, dhcpd, route,
qemu: ok
I use this patch as documented: http://www.friedhoff.org/fscaps.html

I also tested the patched kernel with CONFIG_SECURITY_FS_CAPABILITIES
is not set and xinit kills X perfectly, when the GUI is stopped.

Any other tests that might be helpful?

The webpage is updated.

Chris


On Mon, 27 Nov 2006 11:07:40 -0600
Serge E. Hallyn [EMAIL PROTECTED] wrote:

 From: Serge E. Hallyn [EMAIL PROTECTED]
 Subject: [PATCH 1/1] Implement file posix capabilities
 
 Implement file posix capabilities.  This allows programs to be given a
 subset of root's powers regardless of who runs them, without having to use
 setuid and giving the binary all of root's powers.
 
 This version works with Kaigai Kohei's userspace tools, found at
 http://www.kaigai.gr.jp/index.php.  For more information on how to use this
 patch, Chris Friedhoff has posted a nice page at
 http://www.friedhoff.org/fscaps.html.
 
 Changelog:
   Nov 27:
   Incorporate fixes from Andrew Morton
   (security-introduce-file-caps-tweaks and
   security-introduce-file-caps-warning-fix)
   Fix Kconfig dependency.
   Fix change signaling behavior when file caps are not compiled in.

- snip -


Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: file caps: permit unsafe signaling when CONFIG_FS_CAPS=n

2006-11-25 Thread Chris Friedhoff

Serge, may I ask you to send a new complete patch with Andrew Mortons
additions and this change and a new changelog entry.

Thanks
Chris


 On Fri, 24 Nov
2006 12:17:42 -0600 "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:

> Quoting Serge E. Hallyn ([EMAIL PROTECTED]):
> > Ok, the following patch restores the CONFIG_FS_CAPS=n signaling
> > behavior, but I'm having a config problem.  When
> > CONFIG_SECURITY_CAPABILITIES=n, and I toggle
> > CONFIG_SECURITY_FS_CAPABILITIES between y and n, security/commoncap.o
> > does not recompile.  However since capabilities are now the default
> > security module, commoncap.o is in fact included in the kernel build,
> > and therefore should be recompiled.
> > 
> > Looking into why, but maybe someone knows offhand what would be going
> > wrong?
> 
> Uh, never mind.  It does the right thing.  CONFIG_SECURITY=n means we
> use capabilities, but CONFIG_SECURITY=y and CONFIG_SECURITY_CAPABILITIES=n 
> means we use dummy.  The following patch fixes the Kconfig accordingly.
> 
> From: Serge E. Hallyn <[EMAIL PROTECTED]>
> Subject: [PATCH 1/1] file caps: don't show FILE_CAPABILITIES option when not 
> relevant
> 
> FILE_CAPABILITIES are relevant when CONFIG_SECURITY=n, but not when
> CONFIG_SECURITY=y && CONFIG_SECURITY_CAPABILITIES=n.  So make
> CONFIG_SECURITY_FS_CAPABILITIES depend on the right conditions.
> 
> Signed-off-by: Serge E. Hallyn <[EMAIL PROTECTED]>
> ---
>  security/Kconfig |1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/security/Kconfig b/security/Kconfig
> index 6c9d69e..1b47f01 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -82,6 +82,7 @@ config SECURITY_CAPABILITIES
>  
>  config SECURITY_FS_CAPABILITIES
>   bool "File POSIX Capabilities"
> + depends on SECURITY=n || SECURITY_CAPABILITIES=y
>   default n
>   help
> This enables filesystem capabilities, allowing you to give
> -- 
> 1.4.1
> 



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: file caps: permit unsafe signaling when CONFIG_FS_CAPS=n

2006-11-25 Thread Chris Friedhoff

Serge, may I ask you to send a new complete patch with Andrew Mortons
additions and this change and a new changelog entry.

Thanks
Chris


 On Fri, 24 Nov
2006 12:17:42 -0600 Serge E. Hallyn [EMAIL PROTECTED] wrote:

 Quoting Serge E. Hallyn ([EMAIL PROTECTED]):
  Ok, the following patch restores the CONFIG_FS_CAPS=n signaling
  behavior, but I'm having a config problem.  When
  CONFIG_SECURITY_CAPABILITIES=n, and I toggle
  CONFIG_SECURITY_FS_CAPABILITIES between y and n, security/commoncap.o
  does not recompile.  However since capabilities are now the default
  security module, commoncap.o is in fact included in the kernel build,
  and therefore should be recompiled.
  
  Looking into why, but maybe someone knows offhand what would be going
  wrong?
 
 Uh, never mind.  It does the right thing.  CONFIG_SECURITY=n means we
 use capabilities, but CONFIG_SECURITY=y and CONFIG_SECURITY_CAPABILITIES=n 
 means we use dummy.  The following patch fixes the Kconfig accordingly.
 
 From: Serge E. Hallyn [EMAIL PROTECTED]
 Subject: [PATCH 1/1] file caps: don't show FILE_CAPABILITIES option when not 
 relevant
 
 FILE_CAPABILITIES are relevant when CONFIG_SECURITY=n, but not when
 CONFIG_SECURITY=y  CONFIG_SECURITY_CAPABILITIES=n.  So make
 CONFIG_SECURITY_FS_CAPABILITIES depend on the right conditions.
 
 Signed-off-by: Serge E. Hallyn [EMAIL PROTECTED]
 ---
  security/Kconfig |1 +
  1 files changed, 1 insertions(+), 0 deletions(-)
 
 diff --git a/security/Kconfig b/security/Kconfig
 index 6c9d69e..1b47f01 100644
 --- a/security/Kconfig
 +++ b/security/Kconfig
 @@ -82,6 +82,7 @@ config SECURITY_CAPABILITIES
  
  config SECURITY_FS_CAPABILITIES
   bool File POSIX Capabilities
 + depends on SECURITY=n || SECURITY_CAPABILITIES=y
   default n
   help
 This enables filesystem capabilities, allowing you to give
 -- 
 1.4.1
 



Chris Friedhoff
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/1] security: introduce fs caps

2006-11-17 Thread Chris Friedhoff

compiling fscaps-1.0-kg.src.rpm just gives the same result
/bin/ping: Invalid argument (errno=22)
trace output attached

Chris


Chris Friedhoff
[EMAIL PROTECTED]


strace-ping-sles10-b.gz
Description: Binary data

Re: [PATCH 1/1] security: introduce fs caps

2006-11-17 Thread Chris Friedhoff

> Good quesion.  My gentoo ia32 machine uses libcap.so.1.10.  Probably a FAQ, 
> but is 1.92 actually older than 1.10?
looking at these locations, yes
http://www.me.kernel.org/pub/linux/libs/security/linux-privs/old/kernel-2.3/
http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/

> | Kaigai also provides a srpm package to compile.
> |  VFS Capability Support -> fscaps version 1.0 [SRPM]
> | (http://www.kaigai.gr.jp/pub/fscaps-1.0-kg.src.rpm)
> 
> I'll try that next.

I installed sles10 in qemu on my pentium-m laptop, compiled  a kernel
with fscap support and installed fscaps-1.0-kg.i386.rpm and got "Invalid
argument (errno=22)" error.
trace output is attached

# id
uid=0(root) gid=0(root) groups=0(root)
# uname -a
Linux sles10 2.6.19-rc3-fscaps-a #2 Fri Nov 17 09:17:40 CET 2006 i686
i686 i386 GNU/Linux
# rpm -q fscaps
fscaps-1.0-kg
# zgrep -i capa /proc/config.gz
CONFIG_SECURITY_FS_CAPABILITIES=y
# setfcaps cap_net_raw=ep /bin/ping
/bin/ping: Invalid argument (errno=22)
# setfcaps cap_sys_module=ep /sbin/modprobe
/sbin/modprobe: Invalid argument (errno=22)
# ls -l /lib/libcap.so*
lrwxrwxrwx 1 root root11 Nov 17 09:51 /lib/libcap.so -> libcap.so.1
lrwxrwxrwx 1 root root14 Nov 16 11:57 /lib/libcap.so.1 ->
libcap.so.1.92 -rwxr-xr-x 1 root root 10456 Jun 16
15:14 /lib/libcap.so.1.92




Chris Friedhoff
[EMAIL PROTECTED]



strace-ping-sles10.gz
Description: Binary data

Re: [PATCH 1/1] security: introduce fs caps

2006-11-17 Thread Chris Friedhoff

 Good quesion.  My gentoo ia32 machine uses libcap.so.1.10.  Probably a FAQ, 
 but is 1.92 actually older than 1.10?
looking at these locations, yes
http://www.me.kernel.org/pub/linux/libs/security/linux-privs/old/kernel-2.3/
http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/

 | Kaigai also provides a srpm package to compile.
 |  VFS Capability Support - fscaps version 1.0 [SRPM]
 | (http://www.kaigai.gr.jp/pub/fscaps-1.0-kg.src.rpm)
 
 I'll try that next.

I installed sles10 in qemu on my pentium-m laptop, compiled  a kernel
with fscap support and installed fscaps-1.0-kg.i386.rpm and got Invalid
argument (errno=22) error.
trace output is attached

# id
uid=0(root) gid=0(root) groups=0(root)
# uname -a
Linux sles10 2.6.19-rc3-fscaps-a #2 Fri Nov 17 09:17:40 CET 2006 i686
i686 i386 GNU/Linux
# rpm -q fscaps
fscaps-1.0-kg
# zgrep -i capa /proc/config.gz
CONFIG_SECURITY_FS_CAPABILITIES=y
# setfcaps cap_net_raw=ep /bin/ping
/bin/ping: Invalid argument (errno=22)
# setfcaps cap_sys_module=ep /sbin/modprobe
/sbin/modprobe: Invalid argument (errno=22)
# ls -l /lib/libcap.so*
lrwxrwxrwx 1 root root11 Nov 17 09:51 /lib/libcap.so - libcap.so.1
lrwxrwxrwx 1 root root14 Nov 16 11:57 /lib/libcap.so.1 -
libcap.so.1.92 -rwxr-xr-x 1 root root 10456 Jun 16
15:14 /lib/libcap.so.1.92




Chris Friedhoff
[EMAIL PROTECTED]



strace-ping-sles10.gz
Description: Binary data

Re: [PATCH 1/1] security: introduce fs caps

2006-11-17 Thread Chris Friedhoff

compiling fscaps-1.0-kg.src.rpm just gives the same result
/bin/ping: Invalid argument (errno=22)
trace output attached

Chris


Chris Friedhoff
[EMAIL PROTECTED]


strace-ping-sles10-b.gz
Description: Binary data

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

Re: Posix file capabilities in 2.6.24rc2; now 2.6.24-rc3

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading - now 2.6.24-rc3

Re: Posix file capabilities in 2.6.24rc2

Re: Posix file capabilities in 2.6.24rc2

Re: Posix file capabilities in 2.6.24rc2

Re: Posix file capabilities in 2.6.24rc2

Posix file capabilities in 2.6.24rc2

Posix file capabilities in 2.6.24rc2

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading

Re: 2.6.24-rc2 STD with s2disk fails to activate suspended system after loading

2.6.24-rc2 STD with s2disk fails to activate suspended system after loading

2.6.24-rc2 STD with s2disk fails to activate suspended system after loading

Re: [PATCH] Implement file posix capabilities

Re: [PATCH] Implement file posix capabilities

Re: file caps: permit unsafe signaling when CONFIG_FS_CAPS=n

Re: file caps: permit unsafe signaling when CONFIG_FS_CAPS=n

Re: [PATCH 1/1] security: introduce fs caps

Re: [PATCH 1/1] security: introduce fs caps

Re: [PATCH 1/1] security: introduce fs caps

Re: [PATCH 1/1] security: introduce fs caps

34 matches

Site Navigation

Mail list logo

Footer information