validity test in cap_set_proc(), POSIX.1e 25.4.15.2

[Andrew Morgan]

Robert Watson wrote:
> In our currently implementation, we impose an additional check on cap_p
> provided to cap_set_proc(): we require that the resulting capability set
> be "valid" in the sense that the new effective capabilities be a subset of
> the new permitted capabilities.  Does anyone else take this reading, and
> if not, is there a good reason not to?

This is also the interpretation that we used.

Cheers

Andrew

To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message