POSIX capabilities

Discussion in 'all things UNIX' started by Gullible Jones, Feb 7, 2013.

Thread Status:
Not open for further replies.
  1. Something interesting (if rather old) that I found:

    ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/capfaq-0.2.txt

    POSIX capabilities are still around in the 3.x kernels; you just need the getcap and setcap utilities. Among other things, you can use this to remove the need for Xorg to be setuid (though there are some wrinkles with non-KMS drivers).

    It doesn't look like capabilities can be used for any kind of policy sandboxing; OTOH I'm interested in to what extent they can replace setuid/setgid, because they seem like a much saner way of doing what's needed. So if anyone has experience using this stuff, please stop by and mention what you know...

    P.S. FreeBSD also supports POSIX capabilities. Unfortunately it looks like OpenBSD and NetBSD don't, though.
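
On Linux, setcap stores file capabilities in the `security.capability` extended attribute, and getcap reads that attribute back. The decoder below is an added example, not part of the original post: it parses that on-disk value so you can see exactly which privileges a binary would be granted in place of setuid. The function names and the sample bytes are constructed for illustration; the constants follow the kernel's `linux/capability.h`.

```python
import os
import struct

# Values from the kernel's include/uapi/linux/capability.h.
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# Revision -> (number of 32-bit permitted/inheritable pairs, total xattr size).
# Revision 3 appends a 4-byte namespace root id, which this decoder skips.
REVISIONS = {0x01000000: (1, 12), 0x02000000: (2, 20), 0x03000000: (2, 24)}
# Subset of capability bit numbers; bits not listed are shown as cap_<n>.
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 7: "cap_setuid",
             10: "cap_net_bind_service", 12: "cap_net_admin",
             13: "cap_net_raw", 17: "cap_sys_rawio", 21: "cap_sys_admin"}


def cap_names(mask):
    """Turn a capability bitmask into a list of names, lowest bit first."""
    return [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if (mask >> b) & 1]


def decode_file_caps(raw):
    """Decode the raw value of a security.capability xattr."""
    if len(raw) < 4:
        raise ValueError("xattr shorter than its 4-byte header")
    (magic,) = struct.unpack_from("<I", raw, 0)
    rev = magic & VFS_CAP_REVISION_MASK
    if rev not in REVISIONS or len(raw) != REVISIONS[rev][1]:
        raise ValueError(f"bad revision/size: {rev:#010x}, {len(raw)} bytes")
    permitted = inheritable = 0
    for i in range(REVISIONS[rev][0]):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)      # second pair holds bits 32..63
        inheritable |= inh << (32 * i)
    return {"revision": rev >> 24,
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": cap_names(permitted),
            "inheritable": cap_names(inheritable)}


def read_file_caps(path):
    """Decode a file's capabilities; None if it has none or is unreadable (Linux only)."""
    try:
        return decode_file_caps(os.getxattr(path, "security.capability"))
    except OSError:
        return None


# Constructed sample: a revision-2 value granting cap_net_bind_service with the effective flag.
SAMPLE = struct.pack("<IIIII", 0x02000000 | 0x1, 1 << 10, 0, 0, 0)

if __name__ == "__main__":
    print(decode_file_caps(SAMPLE))
```

When auditing binaries converted from setuid, treat broad grants such as cap_sys_admin, cap_setuid or cap_dac_override as close to full root rather than as a reduction in privilege.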
     