Date: Sat, 7 Mar 2015 15:35:54 -0600
From: "Serge E. Hallyn"
To: Christoph Lameter
Cc: "Serge E. Hallyn", Andy Lutomirski, Serge Hallyn, Jonathan Corbet, Aaron Jones, LSM List, "linux-kernel@vger.kernel.org", Andrew Morton, "Andrew G. Morgan", Mimi Zohar, Austin S Hemmelgarn, Markku Savela, Jarkko Sakkinen, Linux API, Michael Kerrisk
Subject: Re: [PATCH] capabilities: Ambient capability set V2
Message-ID: <20150307213554.GB9833@mail.hallyn.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Mar 07, 2015 at 09:09:05AM -0600, Christoph Lameter wrote:
> On Fri, 6 Mar 2015, Serge E. Hallyn wrote:
>
> > > I think that's right. fI doesn't set pI.
> >
> > Right. The idea is that for the running binary to get capability x in its
> > pP, its privileged ancestor must have set x in pI, and the binary itself
> > must be trusted with x in fI.
>
> The ancestor here is ambient_test and when it is run pI will not be set
> despite the cap setting. ambient_test is supposed to set it.
> Therefore anything it spawns cannot have the inheritance bits set either.
> This plainly does not make any sense whatsoever. If this is so as it seems
> to be then we should be able to remove the inheritance bits because they
> have no effect.
>
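
The rule being argued over in the quoted text, as an added example that is not part of the original message or of the patch: a small C model of the execve() capability transition documented in capabilities(7) before ambient capabilities existed. It assumes a non-root caller with a full bounding set; the choice of CAP_NET_RAW, the struct names and the helper functions are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define CAP_NET_RAW 13            /* capability number from <linux/capability.h> */
#define BIT(c) (1ULL << (c))

struct proc_caps { uint64_t pI, pP, pE, bset; };  /* process sets (hypothetical model) */
struct file_caps { uint64_t fI, fP; int fE; };    /* file sets; fE is a single flag */

/* exec transition: pP' = (pI & fI) | (fP & bset), pE' = fE ? pP' : 0 */
static struct proc_caps exec_transition(struct proc_caps p, struct file_caps f)
{
    struct proc_caps n;
    n.pI = p.pI;                             /* inheritable is carried over, never raised by fI */
    n.pP = (p.pI & f.fI) | (f.fP & p.bset);
    n.pE = f.fE ? n.pP : 0;
    n.bset = p.bset;
    return n;
}

/* Scenario from the thread: a shell with empty pI runs a binary that has fI set. */
static struct proc_caps run_with_fI_only(void)
{
    struct proc_caps shell = { 0, 0, 0, ~0ULL };
    struct file_caps ambient_test = { BIT(CAP_NET_RAW), 0, 1 };  /* constructed: cap_net_raw+ei */
    return exec_transition(shell, ambient_test);
}

/* Same binary, but a privileged ancestor already put the capability in pI. */
static struct proc_caps run_with_pI_and_fI(void)
{
    struct proc_caps parent = { BIT(CAP_NET_RAW), 0, 0, ~0ULL };
    struct file_caps ambient_test = { BIT(CAP_NET_RAW), 0, 1 };
    return exec_transition(parent, ambient_test);
}

int main(void)
{
    struct proc_caps a = run_with_fI_only(), b = run_with_pI_and_fI();
    printf("fI only:   pI=%#llx pP=%#llx\n",
           (unsigned long long)a.pI, (unsigned long long)a.pP);
    printf("pI and fI: pI=%#llx pP=%#llx\n",
           (unsigned long long)b.pI, (unsigned long long)b.pP);
    return 0;
}
```

In the first case both pI and pP stay empty, so nothing the binary later executes can pick the capability up through fI either; in the second the capability lands in pP and pE.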