Quoting Kees Cook (keesc...@chromium.org):
> On Sun, Oct 7, 2012 at 2:56 AM, Andrew Vagin wrote:
> > Without this patch it is really hard to interpret a bounding set,
> > if CAP_LAST_CAP is unknown for a current kernel.
> >
> > Non-existent capabilities can not be deleted from a bounding set
> >
Quoting Kees Cook (keesc...@chromium.org):
On Sun, Oct 7, 2012 at 2:56 AM, Andrew Vagin ava...@openvz.org wrote:
Without this patch it is really hard to interpret a bounding set,
if CAP_LAST_CAP is unknown for a current kernel.
Non-existent capabilities can not be deleted from a bounding
On Sun, Oct 7, 2012 at 2:56 AM, Andrew Vagin wrote:
> Without this patch it is really hard to interpret a bounding set,
> if CAP_LAST_CAP is unknown for a current kernel.
>
> Non-existent capabilities can not be deleted from a bounding set
> with help of prctl.
>
> E.g.: Here are two examples
Without this patch it is really hard to interpret a bounding set,
if CAP_LAST_CAP is unknown for a current kernel.
Non-existent capabilities can not be deleted from a bounding set
with help of prctl.
E.g.: Here are two examples without/with this patch.
CapBnd: ffe0fdec
CapBnd:
Without this patch it is really hard to interpret a bounding set,
if CAP_LAST_CAP is unknown for a current kernel.
Non-existent capabilities can not be deleted from a bounding set
with help of prctl.
E.g.: Here are two examples without/with this patch.
CapBnd: ffe0fdec
CapBnd:
On Sun, Oct 7, 2012 at 2:56 AM, Andrew Vagin ava...@openvz.org wrote:
Without this patch it is really hard to interpret a bounding set,
if CAP_LAST_CAP is unknown for a current kernel.
Non-existent capabilities can not be deleted from a bounding set
with help of prctl.
E.g.: Here are two
6 matches