On Wed, Oct 05, 2016 at 11:00:57PM +0200, Christian Seiler wrote:
> On 10/05/2016 08:28 PM, Dan Williams wrote:
> > This is more about root processes dropping unnecessary privileges after
> > starting. But at least for the network stuff, there doesn't seem to be
> > a good reason to restrict
>>> Konrad Rzeszutek Wilk wrote on 05.10.2016 at 01:23 in message:
> On Oct 4, 2016 12:11 PM, "Dan Williams" wrote:
>>
>> On Tue, 2016-10-04 at 12:08 -0400, Peter Jones wrote:
>> > On
On 10/05/2016 08:28 PM, Dan Williams wrote:
> On Tue, 2016-10-04 at 19:23 -0400, Konrad Rzeszutek Wilk wrote:
>> On Oct 4, 2016 12:11 PM, "Dan Williams" wrote:
>>>
>>>
>>> On Tue, 2016-10-04 at 12:08 -0400, Peter Jones wrote:
On Tue, Oct 04, 2016 at 11:03:05AM -0500,
On Tue, 2016-10-04 at 19:23 -0400, Konrad Rzeszutek Wilk wrote:
> On Oct 4, 2016 12:11 PM, "Dan Williams" wrote:
> >
> >
> > On Tue, 2016-10-04 at 12:08 -0400, Peter Jones wrote:
> > >
> > > On Tue, Oct 04, 2016 at 11:03:05AM -0500, Dan Williams wrote:
> > > >
> > > >
> > >
On Oct 4, 2016 12:11 PM, "Dan Williams" wrote:
>
> On Tue, 2016-10-04 at 12:08 -0400, Peter Jones wrote:
> > On Tue, Oct 04, 2016 at 11:03:05AM -0500, Dan Williams wrote:
> > >
> > > All the iSCSI boot entries are read-only anyway; it's unclear why
> > > the
> > > CAP_SYS_ADMIN
>>> Dan Williams wrote on 04.10.2016 at 18:11 in message
<1475597465.21760.3.ca...@redhat.com>:
> On Tue, 2016-10-04 at 12:08 -0400, Peter Jones wrote:
>> On Tue, Oct 04, 2016 at 11:03:05AM -0500, Dan Williams wrote:
>> >
>> > All the iSCSI boot entries are read-only anyway;
On Tue, Oct 04, 2016 at 11:03:05AM -0500, Dan Williams wrote:
> All the iSCSI boot entries are read-only anyway; it's unclear why the
> CAP_SYS_ADMIN restriction is in place since this information isn't
> particularly sensitive and cannot be changed. Userspace applications
> may want to read this