Date: Mon, 2 Mar 2015 09:43:17 -0600 (CST)
From: Christoph Lameter
To: "Serge E. Hallyn"
cc: Serge Hallyn, Andy Lutomirski, Jonathan Corbet, Aaron Jones, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, akpm@linuxfoundation.org, "Andrew G. Morgan", Mimi Zohar, Austin S Hemmelgarn, Markku Savela, Jarkko Sakkinen, linux-api@vger.kernel.org, Michael Kerrisk
Subject: Re: [PATCH] capabilities: Ambient capability set V2
In-Reply-To: <20150301044407.GA14196@mail.hallyn.com>
References: <20150301044407.GA14196@mail.hallyn.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, 28 Feb 2015, Serge E. Hallyn wrote:

> Your example program is not filling in pI though?

The setcap sets the inheritance bit. When the binary runs the i bits
should be set.

> Ah, i see why. In get_file_caps() you are still assigning
>
>	fP = pA
>
> if the file has no file capabilities. so then you are actually
> doing
>
>	pP' = (X & (fP | pA)) | (pI & (fI | pA))
> rather than
>	pP' = (X & fP) | (pI & (fI | pA))

I thought that fP, fI and pI = {} since the file has no caps
so this comes out as

	pP' = pA

> Other than that, the patch is looking good to me. We should
> consider emitting an audit record when a task fills in its

How do I do that?

> pA, and I do still wonder whether we should be requiring
> CAP_SETFCAP (unsure how best to think of it). But assuming the
> fP = pA was not intended, I think this largely does the right
> thing.
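
The two pP' expressions quoted in this message, evaluated over capability bitmasks for a binary with no file capabilities. This is an added example, not code from the patch or from anyone in the thread; the struct, the function names and the sample values are hypothetical, and only the two formulas come from the message.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t capset_t;            /* one bit per capability number */
#define CAP_BIT(n)  ((capset_t)1 << (n))
#define CAP_NET_RAW 13                /* value from <linux/capability.h> */

/* Hypothetical container for the sets named in the thread. */
struct capstate {
    capset_t X;   /* bounding set */
    capset_t pI;  /* process inheritable */
    capset_t pA;  /* process ambient */
    capset_t fP;  /* file permitted */
    capset_t fI;  /* file inheritable */
};

/* pP' = (X & (fP | pA)) | (pI & (fI | pA)), the effect of assigning fP = pA */
capset_t pP_ambient_in_fP(struct capstate c)
{
    return (c.X & (c.fP | c.pA)) | (c.pI & (c.fI | c.pA));
}

/* pP' = (X & fP) | (pI & (fI | pA)) */
capset_t pP_ambient_via_pI(struct capstate c)
{
    return (c.X & c.fP) | (c.pI & (c.fI | c.pA));
}

/* Bits granted by the first expression but not by the second. */
capset_t pP_difference(struct capstate c)
{
    return pP_ambient_in_fP(c) & ~pP_ambient_via_pI(c);
}

/* Constructed sample: file without capabilities (fP = fI = {}), full
 * bounding set, pA = { CAP_NET_RAW }, caller chooses pI. */
struct capstate sample_no_file_caps(capset_t pI)
{
    struct capstate c = { .X = ~(capset_t)0, .pI = pI,
                          .pA = CAP_BIT(CAP_NET_RAW), .fP = 0, .fI = 0 };
    return c;
}

int main(void)
{
    capset_t pI_values[2] = { 0, CAP_BIT(CAP_NET_RAW) };
    for (int i = 0; i < 2; i++) {
        struct capstate c = sample_no_file_caps(pI_values[i]);
        printf("pI=%#llx  fP|pA rule: %#llx  fP-only rule: %#llx  extra: %#llx\n",
               (unsigned long long)c.pI,
               (unsigned long long)pP_ambient_in_fP(c),
               (unsigned long long)pP_ambient_via_pI(c),
               (unsigned long long)pP_difference(c));
    }
    return 0;
}
```

The two expressions agree once the ambient bit is also present in pI; they differ only for ambient bits that are in X but missing from pI.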