Saturday, July 16, 2011, 11:50:49 PM, you wrote:
Unices do not support thread-based UIDs or privileges.
(IIRC Windows does, but again, that is of no concern
right now).
No. POSIX capabilities are thread local. That's why it doesn't play well with
uid changing. Maybe it's not supposed to
On Jul 16, 2011, at 10:11 AM, Leif Hedstrom wrote:
On platforms that provides this feature, should we make it mandatory for v3.2
(trunk)? I think it'd simplify things, and avoid bug reports / problems
related to it. Granted, we still have to clean up our code mess here (with
duplicated
- Original Message -
On platforms that provides this feature, should we make it mandatory
for
v3.2 (trunk)? I think it'd simplify things, and avoid bug reports /
problems related to it. Granted, we still have to clean up our code
That's two platforms right now: Solaris and Linux,
- Original Message -
http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/secure-chroot.html#AEN1514
3.5.2POSIX®.1e Process Capabilities
POSIX® has released a working draft that adds event auditing,
access
control lists, fine grained privileges,
According to what I found[1] this project is current inoperative and it's
unclear when (if ever) it will be available on FreeBSD.
Personally, I think the better option is for me to fix the libcap related
problems so it's not required. It's a bit ugly but not all that difficult. Now
that I have
[1] http://www.trustedbsd.org/privileges.html
As I already mentioned, the way to go for FreeBSD will
probably turn out to be capsicum. But that is of no
concern right now. (Only with 9.0)
Unices do not support thread-based UIDs or privileges.
(IIRC Windows does, but again, that is of no