From: "Rafael J. Wysocki" <rjw@rjwysocki.net>
To: John Stultz <john.stultz@linaro.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>,
"Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>,
Casey Schaufler <casey@schaufler-ca.com>,
James Morris <jmorris@namei.org>,
Kees Cook <keescook@chromium.org>,
Andy Lutomirski <luto@amacapital.net>, Jann Horn <jann@thejh.net>,
"Eric W. Biederman" <ebiederm@xmission.com>,
linux-man <linux-man@vger.kernel.org>,
linux-security-module <linux-security-module@vger.kernel.org>,
lkml <linux-kernel@vger.kernel.org>
Subject: Re: RFC: capabilities(7): notes for kernel developers
Date: Mon, 19 Dec 2016 21:20:24 +0100 [thread overview]
Message-ID: <1901394.l2S6b8SCmT@aspire.rjw.lan> (raw)
In-Reply-To: <CALAqxLUzmFcnfNU5RtF241Lu4He1BAQpqKttydUj4_cv4j==DQ@mail.gmail.com>
On Friday, December 16, 2016 01:16:15 PM John Stultz wrote:
> On Fri, Dec 16, 2016 at 1:05 PM, Serge E. Hallyn <serge@hallyn.com> wrote:
> > Quoting John Stultz (john.stultz@linaro.org):
> >> On Fri, Dec 16, 2016 at 12:10 PM, Serge E. Hallyn <serge@hallyn.com> wrote:
> >> > Quoting Michael Kerrisk (man-pages) (mtk.manpages@gmail.com):
> >> >> On 12/16/2016 01:44 AM, Casey Schaufler wrote:
> >> >> > On 12/15/2016 4:31 PM, John Stultz wrote:
> >> >> >> On Thu, Dec 15, 2016 at 12:40 PM, Casey Schaufler
> >> >> >> <casey@schaufler-ca.com> wrote:
> >> >> >>> On 12/15/2016 11:41 AM, Michael Kerrisk (man-pages) wrote:
> >> >> >>>> On 12/15/2016 05:29 PM, Casey Schaufler wrote:
> >> >> >>>>> CAP_WAKE_ALARM could readily be CAP_TIME.
> >> >> >>>> Actually, I don't quite understand what you mean with that sentence.
> >> >> >>>> Could you elaborate?
> >> >> >>> Should have said CAP_SYS_TIME
> >> >> >>>
> >> >> >>> Setting an alarm could be considered a time management function,
> >> >> >>> depending on what it actually does.
> >> >> >> Just a nit here. CAP_WAKE_ALARM is more about the privilege of waking
> >> >> >> a system from suspend, while CAP_SYS_TIME covers the ability to set
> >> >> >> the time. One wouldn't necessarily want to give applications which
> >> >> >> could wake a system up the capability to also set the time.
> >> >> >
> >> >> > Doesn't really matter, except that an ignorant developer
> >> >> > might make the mistake I did and assume that WAKE_ALARM
> >> >> > was somehow related to time management. If you want to use
> >> >> > it as an example don't let my dunderheadedness get in your
> >> >> > way.
> >> >>
> >> >> Actually, I decided it wasn't such a good example anyway.
> >> >> That capability could potentially be generic. (But it probably
> >> >> should better have been named something like 'CAP_WAKE_SYSTEM'.)
> >> >
> >> > How about:
> >> >
> >> > Subject: [PATCH 1/1] capabilities: alias CAP_WAKE_SYSTEM to CAP_WAKE_ALARM
> >> >
> >> > As suggested by Michael Kerrisk his is a less confusing name, and
> >> > this won't break any old userspace.
> >> >
> >> > Signed-off-by: Serge Hallyn <serge@hallyn.com>
> >> > Cc: Michael Kerrisk <mtk.manpages@gmail.com>
> >> > ---
> >> > include/uapi/linux/capability.h | 2 ++
> >> > 1 file changed, 2 insertions(+)
> >> >
> >> > diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
> >> > index fd4f87d..ba972ff 100644
> >> > --- a/include/uapi/linux/capability.h
> >> > +++ b/include/uapi/linux/capability.h
> >> > @@ -357,6 +357,8 @@ struct vfs_ns_cap_data {
> >> >
> >> > #define CAP_WAKE_ALARM 35
> >> >
> >> > +#define CAP_WAKE_SYSTEM CAP_WAKE_ALARM
> >> > +
> >>
> >> I was thinking of the same thing. Although I might rename the
> >> numerical define to WAKE_SYSTEM and put WAKE_ALARM as the alias (along
> >> with a comment as to WAKE_ALARM being deprecated), so its more clear
> >> which is the one that ought to be used by new code.
> >>
> >> However, in the spirit of this thread, we might even consider
> >> broadening the cap silo a bit further, to something like
> >> CAP_WAKE_SUSPEND, such that it might also be able to cover broader PM
> >> actions?
> >
> > Or just CAP_UNSUSPEND?
>
> I guess I was trying to capture it could be use for actions like both
> waking and suspending the system.
Well, CAP_SYS_PM comes to mind then.
Thanks,
Rafael
WARNING: multiple messages have this Message-ID (diff)
From: "Rafael J. Wysocki" <rjw-LthD3rsA81gm4RdzfppkhA@public.gmane.org>
To: John Stultz <john.stultz-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
Cc: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>,
"Michael Kerrisk (man-pages)"
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Casey Schaufler <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>,
James Morris <jmorris-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
Jann Horn <jann-XZ1E9jl8jIdeoWH0uzbU5w@public.gmane.org>,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
linux-man <linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
linux-security-module
<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
lkml <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: RFC: capabilities(7): notes for kernel developers
Date: Mon, 19 Dec 2016 21:20:24 +0100 [thread overview]
Message-ID: <1901394.l2S6b8SCmT@aspire.rjw.lan> (raw)
In-Reply-To: <CALAqxLUzmFcnfNU5RtF241Lu4He1BAQpqKttydUj4_cv4j==DQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Friday, December 16, 2016 01:16:15 PM John Stultz wrote:
> On Fri, Dec 16, 2016 at 1:05 PM, Serge E. Hallyn <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org> wrote:
> > Quoting John Stultz (john.stultz-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org):
> >> On Fri, Dec 16, 2016 at 12:10 PM, Serge E. Hallyn <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org> wrote:
> >> > Quoting Michael Kerrisk (man-pages) (mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org):
> >> >> On 12/16/2016 01:44 AM, Casey Schaufler wrote:
> >> >> > On 12/15/2016 4:31 PM, John Stultz wrote:
> >> >> >> On Thu, Dec 15, 2016 at 12:40 PM, Casey Schaufler
> >> >> >> <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org> wrote:
> >> >> >>> On 12/15/2016 11:41 AM, Michael Kerrisk (man-pages) wrote:
> >> >> >>>> On 12/15/2016 05:29 PM, Casey Schaufler wrote:
> >> >> >>>>> CAP_WAKE_ALARM could readily be CAP_TIME.
> >> >> >>>> Actually, I don't quite understand what you mean with that sentence.
> >> >> >>>> Could you elaborate?
> >> >> >>> Should have said CAP_SYS_TIME
> >> >> >>>
> >> >> >>> Setting an alarm could be considered a time management function,
> >> >> >>> depending on what it actually does.
> >> >> >> Just a nit here. CAP_WAKE_ALARM is more about the privilege of waking
> >> >> >> a system from suspend, while CAP_SYS_TIME covers the ability to set
> >> >> >> the time. One wouldn't necessarily want to give applications which
> >> >> >> could wake a system up the capability to also set the time.
> >> >> >
> >> >> > Doesn't really matter, except that an ignorant developer
> >> >> > might make the mistake I did and assume that WAKE_ALARM
> >> >> > was somehow related to time management. If you want to use
> >> >> > it as an example don't let my dunderheadedness get in your
> >> >> > way.
> >> >>
> >> >> Actually, I decided it wasn't such a good example anyway.
> >> >> That capability could potentially be generic. (But it probably
> >> >> should better have been named something like 'CAP_WAKE_SYSTEM'.)
> >> >
> >> > How about:
> >> >
> >> > Subject: [PATCH 1/1] capabilities: alias CAP_WAKE_SYSTEM to CAP_WAKE_ALARM
> >> >
> >> > As suggested by Michael Kerrisk his is a less confusing name, and
> >> > this won't break any old userspace.
> >> >
> >> > Signed-off-by: Serge Hallyn <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
> >> > Cc: Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> >> > ---
> >> > include/uapi/linux/capability.h | 2 ++
> >> > 1 file changed, 2 insertions(+)
> >> >
> >> > diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
> >> > index fd4f87d..ba972ff 100644
> >> > --- a/include/uapi/linux/capability.h
> >> > +++ b/include/uapi/linux/capability.h
> >> > @@ -357,6 +357,8 @@ struct vfs_ns_cap_data {
> >> >
> >> > #define CAP_WAKE_ALARM 35
> >> >
> >> > +#define CAP_WAKE_SYSTEM CAP_WAKE_ALARM
> >> > +
> >>
> >> I was thinking of the same thing. Although I might rename the
> >> numerical define to WAKE_SYSTEM and put WAKE_ALARM as the alias (along
> >> with a comment as to WAKE_ALARM being deprecated), so its more clear
> >> which is the one that ought to be used by new code.
> >>
> >> However, in the spirit of this thread, we might even consider
> >> broadening the cap silo a bit further, to something like
> >> CAP_WAKE_SUSPEND, such that it might also be able to cover broader PM
> >> actions?
> >
> > Or just CAP_UNSUSPEND?
>
> I guess I was trying to capture it could be use for actions like both
> waking and suspending the system.
Well, CAP_SYS_PM comes to mind then.
Thanks,
Rafael
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2016-12-19 20:24 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-15 11:40 RFC: capabilities(7): notes for kernel developers Michael Kerrisk (man-pages)
2016-12-15 11:40 ` Michael Kerrisk (man-pages)
2016-12-15 16:29 ` Casey Schaufler
2016-12-15 16:29 ` Casey Schaufler
2016-12-15 19:41 ` Michael Kerrisk (man-pages)
2016-12-15 20:40 ` Casey Schaufler
2016-12-15 20:40 ` Casey Schaufler
2016-12-16 0:31 ` John Stultz
2016-12-16 0:31 ` John Stultz
2016-12-16 0:44 ` Casey Schaufler
2016-12-16 14:55 ` Michael Kerrisk (man-pages)
2016-12-16 14:55 ` Michael Kerrisk (man-pages)
2016-12-16 20:10 ` Serge E. Hallyn
2016-12-16 20:10 ` Serge E. Hallyn
2016-12-16 20:20 ` John Stultz
2016-12-16 21:05 ` Serge E. Hallyn
2016-12-16 21:16 ` John Stultz
2016-12-16 21:16 ` John Stultz
2016-12-19 20:20 ` Rafael J. Wysocki [this message]
2016-12-19 20:20 ` Rafael J. Wysocki
2016-12-17 21:01 ` Michael Kerrisk (man-pages)
2016-12-16 15:04 ` Michael Kerrisk (man-pages)
2016-12-16 15:04 ` Michael Kerrisk (man-pages)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1901394.l2S6b8SCmT@aspire.rjw.lan \
--to=rjw@rjwysocki.net \
--cc=casey@schaufler-ca.com \
--cc=ebiederm@xmission.com \
--cc=jann@thejh.net \
--cc=jmorris@namei.org \
--cc=john.stultz@linaro.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mtk.manpages@gmail.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.