[Linux-privs-discuss] Re: Capabilities/privileges and bounding sets
Andrew Morgan
morgan at transmeta.com
Fri Jan 19 18:09:37 GMT 2001
So, Robert and I had a long email exchange off-line and here is the
bounding set API:
int cap_set_bound(cap_t cap_d, cap_flag_t flavor);
cap_t cap_get_bound(cap_flag_t flavor);
The rationale for this API is simply that it is a minimal change to the
POSIX one, and leverages everything that the POSIX one offers.
Basically, the getting and setting of the bounding set is done using a
regular cap_t structure. Since the bounding set is a single capability
set, we need a method for selecting one of the three capability sets to
use when we query or set the bounding set - this is what the cap_flag_t
argument is for.
The bounding set is the 'X' in the capability rules:
pI' = pI
pP' = ( fP & X ) | ( fI & pI )
pE' = fE & pP'.
Example usage:
    cap_t cap_d;
    cap_d = cap_get_proc();                 /* capability state of the current process */
    cap_set_bound(cap_d, CAP_INHERITABLE);  /* use its inheritable set as the bound X */
This bounds the children of the current process with the process'
current inheritable set. [Incidentally, this is what the latest libcap
and Linux kernel patch provides.]
Cheers
Andrew
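The three rules above, worked through with a bounding set, as an added example that is not part of Andrew's message or of libcap. It models each capability set as a 64-bit mask (libcap's cap_t is opaque; the mask is this example's assumption), uses the Linux capability numbers for CAP_CHOWN, CAP_NET_BIND_SERVICE and CAP_SYS_ADMIN, and carries the file's effective flag as a mask so that pE' = fE & pP' reads as written. The process and file sets are constructed sample values; `exec_transition` and `bound_from_inheritable` are names chosen here, not libcap functions. The point it shows is the one the message makes: with X set to the parent's inheritable set, a file's permitted capabilities outside that set never reach the child.

```c
#include <stdint.h>
#include <stdio.h>

/* A capability set modelled as a 64-bit mask (this example's assumption;
 * libcap's cap_t is opaque). Bit numbers are the Linux capability numbers. */
typedef uint64_t capset_t;

#define CAP_BIT(n)           ((capset_t)1 << (n))
#define CAP_CHOWN            CAP_BIT(0)
#define CAP_NET_BIND_SERVICE CAP_BIT(10)
#define CAP_SYS_ADMIN        CAP_BIT(21)

struct proc_caps { capset_t pI, pP, pE; };  /* process inheritable/permitted/effective */
struct file_caps { capset_t fI, fP, fE; };  /* file inheritable/permitted/effective */

/* Every capability set: the "no bound" value of X. */
static capset_t all_caps(void) { return ~(capset_t)0; }

/* The rules from the message, applied at exec with bounding set X:
 *   pI' = pI
 *   pP' = (fP & X) | (fI & pI)
 *   pE' = fE & pP'
 * A file whose effective flag is set supplies all_caps() as fE here, so the
 * child's effective set equals its new permitted set; a clear flag gives 0. */
static struct proc_caps exec_transition(struct proc_caps p, struct file_caps f, capset_t X)
{
    struct proc_caps c;
    c.pI = p.pI;
    c.pP = (f.fP & X) | (f.fI & p.pI);
    c.pE = f.fE & c.pP;
    return c;
}

/* The effect of cap_set_bound(cap_d, CAP_INHERITABLE) on the current process:
 * its children are bounded by this process' inheritable set. */
static capset_t bound_from_inheritable(struct proc_caps p) { return p.pI; }

static void print_caps(const char *label, capset_t s)
{
    printf("%-26s", label);
    if (s & CAP_CHOWN)            printf(" chown");
    if (s & CAP_NET_BIND_SERVICE) printf(" net_bind_service");
    if (s & CAP_SYS_ADMIN)        printf(" sys_admin");
    if (!s)                       printf(" (none)");
    printf("\n");
}

int main(void)
{
    /* Constructed sample: a process holding two capabilities in all three sets,
     * about to exec a file whose permitted set also carries CAP_SYS_ADMIN. */
    capset_t held = CAP_NET_BIND_SERVICE | CAP_CHOWN;
    struct proc_caps parent = { held, held, held };
    struct file_caps file   = { CAP_CHOWN, CAP_SYS_ADMIN | CAP_NET_BIND_SERVICE, all_caps() };

    struct proc_caps unbounded = exec_transition(parent, file, all_caps());
    struct proc_caps bounded   = exec_transition(parent, file, bound_from_inheritable(parent));

    print_caps("child pP, X = all:", unbounded.pP);       /* includes sys_admin */
    print_caps("child pP, X = parent pI:", bounded.pP);   /* sys_admin stripped */
    return 0;
}
```

Without the bound, `fP & X` passes CAP_SYS_ADMIN straight into the child's permitted set; with X equal to the parent's inheritable set, only the capabilities the parent was willing to pass on survive, and the `fI & pI` term contributes nothing the parent did not already hold.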