-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
KaiGai Kohei wrote:
> Serge,
>
> Please tell me the meanings of the following condition.
>
>> diff --git a/security/commoncap.c b/security/commoncap.c
>> index 3a95990..cb71bb0 100644
>> --- a/security/commoncap.c
>> +++ b/security/commoncap.c
>> @@
--- Jiri Slaby <[EMAIL PROTECTED]> wrote:
> On 12/03/2007 07:39 PM, Casey Schaufler wrote:
> > From: Casey Schaufler <[EMAIL PROTECTED]>
> >
> > Clean out unnecessary mutex initializations for Smack list locks.
> > Once this is done, there is no need for them to be shared among
> > multiple file
Serge,
Please tell me the meanings of the following condition.
diff --git a/security/commoncap.c b/security/commoncap.c
index 3a95990..cb71bb0 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -133,6 +119,12 @@ int cap_capset_check (struct task_struct *target,
kernel_cap_t *effec
On 12/03/2007 07:39 PM, Casey Schaufler wrote:
> From: Casey Schaufler <[EMAIL PROTECTED]>
>
> Clean out unnecessary mutex initializations for Smack list locks.
> Once this is done, there is no need for them to be shared among
> multiple files, so pull them out of the header file and put them
> in
Serge E. Hallyn wrote:
> Quoting Crispin Cowan ([EMAIL PROTECTED]):
>
>> I think that CAP_NS_OVERRIDE|CAP_SYS_PTRACE is a problem because of the
> Oops, yeah I meant &.
>
Cool. With & then I have no problem at all.
Thanks,
Crispin
--
Crispin Cowan, Ph.D. http://crispincow
From: Casey Schaufler <[EMAIL PROTECTED]>
Clean out unnecessary mutex initializations for Smack list locks.
Once this is done, there is no need for them to be shared among
multiple files, so pull them out of the header file and put them
in the files where they belong.
Pull unnecessary locking fro
Quoting Andrew Morgan ([EMAIL PROTECTED]):
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> [I've droped lkml]
>
> KaiGai Kohei wrote:
> >> But !cap_xxx is a bit misunderstandable for me. Someone may misunderstand
> >> this line means any capabilities except for cap_xxx.
>
> I like '!', but
Quoting Crispin Cowan ([EMAIL PROTECTED]):
> Serge E. Hallyn wrote:
> > Quoting Crispin Cowan ([EMAIL PROTECTED]):
> >
> >> I find that ptrace, specifically CAP_SYS_PTRACE, is overloaded. AppArmor
> >> is having problems because we have to choose between granting
> >> cap_sys_ptrace, or not allo
Hello.
Patrick McHardy wrote:
> No news on that. I'm also a bit sceptical if adding all this complexity
> and overhead would really be worth it (considering only netfilter) just
> to use the owner match and UID/GID matching. It wouldn't even be
> accurate because there is not 1:1 mapping of socket
