Capabilities/privileges and bounding sets

Andrew Morgan morgan at transmeta.com
Wed Sep 20 19:05:20 GMT 2000


Robert,

Robert Watson wrote:
> I've been thinking through some of the implementation details on bounding
> sets and tend to agree with your conclusion that it is possible to
> implement the required bounding exclusively through the X parameter in the

Yes.

> inheritance properties.  Right now, in my implementation I am providing a
> cap_set_proc_mask(cap_t cap) call, which allows the setting of the process
> mask, as I'm not currently including it in the base three flags for the
> capability set.  I'm not entirely decided if this is the right means for
> managing the inherited capability mask as yet; the other possibility we've
> been thinking about is to add CAP_BOUND, a new flag for each capability,
> indicating whether that capability is permitted according to the current
> bound.

Are you saying that you have extended your definition for cap_t to be a
four member set, but that the regular cap_set_{proc,file}() API ignores
the value of the new fourth member? Only your cap_set_proc_mask()
function will set its value?

By adding CAP_BOUND (for functions like cap_[gs]et_flag()), you can
leverage other parts of the API to manipulate this new set?

How were you planning to set the bound on a filesystem?

Cheers

Andrew

More information about the posix1e mailing list