Re: 2.6.25 Kernel - Problems with capabilities

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: David <david@...>

Cc: <efault@...>, <linux-kernel@...>, Andrew G. Morgan <morgan@...>, <linux-security-module@...>, Serge E. Hallyn <serue@...>

Subject: Re: 2.6.25 Kernel - Problems with capabilities

Date: Sunday, April 20, 2008 - 6:21 pm

(cc's added)


quoted text> On Sun, 20 Apr 2008 15:09:11 +0100 David <david@unsolicited.net> wrote:
> Mike Galbraith wrote:
> > On Sat, 2008-04-19 at 19:43 +0100, David wrote:
> >   
> >> I'm wondering if anyone might be able to help with a capability problem 
> >> I've noticed with .25 My ntp daemon will no longer run as any non-root 
> >> user, and after some investigation it seems that calls to prctl() are 
> >> failing.
> >>
> >> CONFIG_SECURITY_CAPABILITIES=y , so this should work?
> >>
> >> System is 32 bit x86 based on a venerable SuSE 9.1 distro.
> >>
> >> Full .config is attached.
> >>
> >> Thanks
> >> David
> >>
> >>
> >>     
> >
> > FWIW, ntpd runs just fine here as user ntp on both my P4 and Q6600 boxen
> > with opensuse 10.3.
> >
> > marge:..tmp/linux-2.6.25 # grep SECUR .config
> > CONFIG_EXT2_FS_SECURITY=y
> > CONFIG_EXT3_FS_SECURITY=y
> > CONFIG_EXT4DEV_FS_SECURITY=y
> > CONFIG_SECURITY=y
> > CONFIG_SECURITY_NETWORK=y
> > CONFIG_SECURITY_NETWORK_XFRM=y
> > CONFIG_SECURITY_CAPABILITIES=y
> > CONFIG_SECURITY_FILE_CAPABILITIES=y
> > CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0
> > # CONFIG_SECURITY_SELINUX is not set
> > marge:..tmp/linux-2.6.25 # grep SECUR /xx
> > CONFIG_EXT2_FS_SECURITY=y
> > CONFIG_EXT3_FS_SECURITY=y
> > CONFIG_REISERFS_FS_SECURITY=y
> > # CONFIG_XFS_SECURITY is not set
> > CONFIG_SECURITY=y
> > CONFIG_SECURITY_NETWORK=y
> > # CONFIG_SECURITY_NETWORK_XFRM is not set
> > CONFIG_SECURITY_CAPABILITIES=y
> > # CONFIG_SECURITY_FILE_CAPABILITIES is not set
> > # CONFIG_SECURITY_ROOTPLUG is not set
> > CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0
> >
> > I notice I have CONFIG_SECURITY_FILE_CAPABILITIES set, and you don't.  I
> > have not even the foggiest clue whether that has anything to do with the
> > price of tea in china though :)
> >   
> I've just set
> 
> CONFIG_SECURITY_FILE_CAPABILITIES=y
> CONFIG_SECURITY_NETWORK_XFRM=y
> 
> to no avail.. I still get
> 
> 
> 20 Apr 15:04:20 ntpd[15694]: cap_set_proc() failed to drop root 
> privileges: Invalid argument
> 
> after rebuild & reboot. No massive deal, I'll just run ntpd as root for 
> now, but there's definitely something funny going on.
> 
> Cheers
> David

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: 2.6.25 Kernel - Problems with capabilities, David, (Sun Apr 20, 10:09 am)

Re: 2.6.25 Kernel - Problems with capabilities, Andrew Morton, (Sun Apr 20, 6:21 pm)

Re: 2.6.25 Kernel - Problems with capabilities, Casey Schaufler, (Sun Apr 20, 1:15 pm)

Re: 2.6.25 Kernel - Problems with capabilities, David, (Sun Apr 20, 1:29 pm)

Re: 2.6.25 Kernel - Problems with capabilities, , (Sun Apr 20, 8:00 pm)

Re: 2.6.25 Kernel - Problems with capabilities, David R, (Mon Apr 21, 3:01 am)

Re: 2.6.25 Kernel - Problems with capabilities, , (Mon Apr 21, 2:34 pm)

Re: 2.6.25 Kernel - Problems with capabilities, David, (Mon Apr 21, 2:48 pm)

Re: 2.6.25 Kernel - Problems with capabilities, , (Mon Apr 21, 3:01 pm)

Re: 2.6.25 Kernel - Problems with capabilities, David, (Mon Apr 21, 4:28 pm)

Re: 2.6.25 Kernel - Problems with capabilities, , (Mon Apr 21, 10:42 pm)

Re: 2.6.25 Kernel - Problems with capabilities, Andrew G. Morgan, (Tue Apr 22, 1:29 am)

Re: 2.6.25 Kernel - Problems with capabilities, David R, (Tue Apr 22, 1:54 am)

Re: 2.6.25 Kernel - Problems with capabilities, Andrew Morgan, (Sun Apr 20, 8:44 pm)

Re: 2.6.25 Kernel - Problems with capabilities, David R, (Mon Apr 21, 3:20 am)

Re: 2.6.25 Kernel - Problems with capabilities, Andi Kleen, (Sun Apr 20, 3:08 pm)

Re: 2.6.25 Kernel - Problems with capabilities, Casey Schaufler, (Sun Apr 20, 6:04 pm)

Re: 2.6.25 Kernel - Problems with capabilities, Andi Kleen, (Sun Apr 20, 6:36 pm)


linux-kernel:
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Hiten Pandya	Re: up? (emacs docbook xml ide)
Martin Michlmayr	Network slowdown due to CFS
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	[GIT]: Networking
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Natalie Protasevich	[BUG] New Kernel Bugs
dragonflybsd-user:
Yaroslav Tarasenko	Re: PC-BSD
Ben Cadieux	DragonFly MBR
justin	Re: dragonfly pdf documentation
dark0s Optik	DragonFly over Sony Vaio