login
Login
/
Register
Search
Header Space
Forums
News
Jobs
Blogs
Features
Man Pages
Site
Home
»
Mailing list archives
»
linux-kernel
»
2008
»
April
»
20
Re: 2.6.25 Kernel - Problems with capabilities
view
thread
Score:
Previous message: [
thread
] [
date
] [
author
]
Next message: [
thread
] [
date
] [
author
]
[view in full thread]
From:
Andrew Morton <akpm@...>
To: David <david@...>
Cc: <efault@...>, <linux-kernel@...>, Andrew G. Morgan <morgan@...>, <linux-security-module@...>, Serge E. Hallyn <serue@...>
Subject:
Re: 2.6.25 Kernel - Problems with capabilities
Date: Sunday, April 20, 2008 - 6:21 pm
(cc's added)
quoted text
> On Sun, 20 Apr 2008 15:09:11 +0100 David <david@unsolicited.net> wrote: > Mike Galbraith wrote: > > On Sat, 2008-04-19 at 19:43 +0100, David wrote: > > > >> I'm wondering if anyone might be able to help with a capability problem > >> I've noticed with .25 My ntp daemon will no longer run as any non-root > >> user, and after some investigation it seems that calls to prctl() are > >> failing. > >> > >> CONFIG_SECURITY_CAPABILITIES=y , so this should work? > >> > >> System is 32 bit x86 based on a venerable SuSE 9.1 distro. > >> > >> Full .config is attached. > >> > >> Thanks > >> David > >> > >> > >> > > > > FWIW, ntpd runs just fine here as user ntp on both my P4 and Q6600 boxen > > with opensuse 10.3. > > > > marge:..tmp/linux-2.6.25 # grep SECUR .config > > CONFIG_EXT2_FS_SECURITY=y > > CONFIG_EXT3_FS_SECURITY=y > > CONFIG_EXT4DEV_FS_SECURITY=y > > CONFIG_SECURITY=y > > CONFIG_SECURITY_NETWORK=y > > CONFIG_SECURITY_NETWORK_XFRM=y > > CONFIG_SECURITY_CAPABILITIES=y > > CONFIG_SECURITY_FILE_CAPABILITIES=y > > CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0 > > # CONFIG_SECURITY_SELINUX is not set > > marge:..tmp/linux-2.6.25 # grep SECUR /xx > > CONFIG_EXT2_FS_SECURITY=y > > CONFIG_EXT3_FS_SECURITY=y > > CONFIG_REISERFS_FS_SECURITY=y > > # CONFIG_XFS_SECURITY is not set > > CONFIG_SECURITY=y > > CONFIG_SECURITY_NETWORK=y > > # CONFIG_SECURITY_NETWORK_XFRM is not set > > CONFIG_SECURITY_CAPABILITIES=y > > # CONFIG_SECURITY_FILE_CAPABILITIES is not set > > # CONFIG_SECURITY_ROOTPLUG is not set > > CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0 > > > > I notice I have CONFIG_SECURITY_FILE_CAPABILITIES set, and you don't. I > > have not even the foggiest clue whether that has anything to do with the > > price of tea in china though :) > > > I've just set > > CONFIG_SECURITY_FILE_CAPABILITIES=y > CONFIG_SECURITY_NETWORK_XFRM=y > > to no avail.. I still get > > > 20 Apr 15:04:20 ntpd[15694]: cap_set_proc() failed to drop root > privileges: Invalid argument > > after rebuild & reboot. No massive deal, I'll just run ntpd as root for > now, but there's definitely something funny going on. > > Cheers > David
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to
majordomo@vger.kernel.org
More majordomo info at
http://vger.kernel.org/majordomo-info.html
Please read the FAQ at
http://www.tux.org/lkml/
Previous message: [
thread
] [
date
] [
author
]
Next message: [
thread
] [
date
] [
author
]
Messages in current thread:
Re: 2.6.25 Kernel - Problems with capabilities
, David
, (Sun Apr 20, 10:09 am)
Re: 2.6.25 Kernel - Problems with capabilities
, Andrew Morton
, (Sun Apr 20, 6:21 pm)
Re: 2.6.25 Kernel - Problems with capabilities
, Casey Schaufler
, (Sun Apr 20, 1:15 pm)
Re: 2.6.25 Kernel - Problems with capabilities
, David
, (Sun Apr 20, 1:29 pm)
Re: 2.6.25 Kernel - Problems with capabilities
,
, (Sun Apr 20, 8:00 pm)
Re: 2.6.25 Kernel - Problems with capabilities
, David R
, (Mon Apr 21, 3:01 am)
Re: 2.6.25 Kernel - Problems with capabilities
,
, (Mon Apr 21, 2:34 pm)
Re: 2.6.25 Kernel - Problems with capabilities
, David
, (Mon Apr 21, 2:48 pm)
Re: 2.6.25 Kernel - Problems with capabilities
,
, (Mon Apr 21, 3:01 pm)
Re: 2.6.25 Kernel - Problems with capabilities
, David
, (Mon Apr 21, 4:28 pm)
Re: 2.6.25 Kernel - Problems with capabilities
,
, (Mon Apr 21, 10:42 pm)
Re: 2.6.25 Kernel - Problems with capabilities
, Andrew G. Morgan
, (Tue Apr 22, 1:29 am)
Re: 2.6.25 Kernel - Problems with capabilities
, David R
, (Tue Apr 22, 1:54 am)
Re: 2.6.25 Kernel - Problems with capabilities
, Andrew Morgan
, (Sun Apr 20, 8:44 pm)
Re: 2.6.25 Kernel - Problems with capabilities
, David R
, (Mon Apr 21, 3:20 am)
Re: 2.6.25 Kernel - Problems with capabilities
, Andi Kleen
, (Sun Apr 20, 3:08 pm)
Re: 2.6.25 Kernel - Problems with capabilities
, Casey Schaufler
, (Sun Apr 20, 6:04 pm)
Re: 2.6.25 Kernel - Problems with capabilities
, Andi Kleen
, (Sun Apr 20, 6:36 pm)
Navigation
Create content
Mailing list archives
Recent posts
Mail archive search
Enter your search terms.
all mailing lists
alsa-devel
dragonflybsd-bugs
dragonflybsd-commit
dragonflybsd-docs
dragonflybsd-kernel
dragonflybsd-submit
dragonflybsd-user
freebsd-announce
freebsd-bugs
freebsd-chat
freebsd-cluster
freebsd-current
freebsd-drivers
freebsd-embeded
freebsd-fs
freebsd-hackers
freebsd-hardware
freebsd-mobile
freebsd-net
freebsd-performance
freebsd-pf
freebsd-security
freebsd-security-notifications
freebsd-threads
git
git-commits-head
linux-activists
linux-arm
linux-ath5k-devel
linux-btrfs
linux-c-programming
linux-driver-devel
linux-ext4
linux-fsdevel
linux-ia64
linux-input
linux-kernel
linux-kernel-janitors
linux-kernel-mentors
linux-kernel-newbies
linux-kvm
linux-net
linux-netdev
linux-newbie
linux-nfs
linux-raid
linux-scsi
linux-security-module
linux-sparse
linux-usb
linux-usb-devel
madwifi-devel
netbsd-announce
netbsd-tech-kern
openbsd-announce
openbsd-bugs
openbsd-ipv6
openbsd-misc
openbsd-security-announce
openbsd-smp
openbsd-source-changes
openbsd-tech
openfabrics-general
openmoko-community
openmoko-devel
openmoko-kernel
reiserfs-devel
tux3
ucarp
Optionally limit your search to a specific mailing list.
advanced
Popular discussions
linux-kernel
:
Arjan van de Ven
[Patch v2] Make PCI extended config space (MMCONFIG) a driver opt-in
Linus Torvalds
Linux 2.6.27-rc8
Tilman Schmidt
git guidance
Greg KH
[GIT PATCH] driver core patches against 2.6.24
git
:
Martin Langhoff
Re: pack operation is thrashing my server
Alan Larkin
fatal: Out of memory, malloc failed
Mark Junker
git on MacOSX and files with decomposed utf-8 file names
Alex Riesen
Re: How do get a specific version of a particular file?
openbsd-misc
:
Leon Dippenaar
New tcp stack attack
Richard Stallman
Real men don't attack straw men
Pieter Verberne
Remove escape characters from file
Juan Miscaro
removing sendmail
linux-netdev
:
Gerrit Renker
[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller
[GIT]: Networking
Chuck Lever
Re: [bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
David Miller
Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Latest forum posts
usb mic not detected
36 minutes ago
Applications and Utilities
Add ext2 inode field
9 hours ago
Linux kernel
the kernel how to power off the machine
19 hours ago
Linux kernel
struct gendisk via request_queue
21 hours ago
Linux kernel
page initialization during kernel initialization
1 day ago
Linux kernel
Read Transport Layer Data form network packets (tcp/ip)
2 days ago
Linux kernel
Getting blinking screen in Fedora 9
2 days ago
Linux general
Problem with kernel + libata
3 days ago
Linux kernel
How to detect usb device insertioin and removal event ?
3 days ago
Linux general
toshiba m30x-129 herbinaiton problem
3 days ago
Hardware
Show all forums...
Recent Tags
Linus Torvalds
2.6.27-rc8
Linux
quote
-rc
2.6.27
bugs
-rc8
Intel
more tags
Colocation donated by:
Who's online
There are currently
4 users
and
1117 guests
online.
Online users
rahumathali
gmicsko
thorfinn@kernel...
strcmp
Syndicate
speck-geostationary