search for: cap_sys_module

...libvirt lxc driver, and wondering if there is some way to control the capabilities assigned to the container processes. With lxc-tools, I can specify a configuration option, lxc.cap.drop, which causes the container processes to drop the specified privileges. My libvirt containers seem to run with cap_sys_module,cap_sys_boot,cap_sys_time,cap_audit_control,cap_mac_admin which is rather more permissive than I'd like. In particular, cap_sys_boot allows a container to reboot the host machine. I am running libvirt-0.9.2 from squeeze-backports on debian squeeze. Cheers, -C-

...t. The patch attached to this email has been tested and seems to work for me. I have also attached instead of inline to solve problems with spaces/tabs. The patch will, on systems that have libcap support, drop capabilities that Dovecot doesn't need. For example there is no need for CAP_SYS_MODULE, which enables module loading or CAP_SYS_PTRACE/CAP_SYS_ADMIN/etc. If libcap isn't installed then nothing will change, this is a compile-time only enhancement that isn't configurable. Personally I did not find that CAP_SYS_CHROOT was needed in order for me to authenticate and acce...

...wer state changed by ACPI to D3 [ 94.732456] ehci_hcd 0000:00:1a.0: power state changed by ACPI to D3 [ 99.219571] tun: Universal TUN/TAP device driver, 1.6 [ 99.219581] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com> [ 99.219945] Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-tun instead. [ 99.225243] Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-tun instead. [ 99.230935] Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Us...

...P(CAP_KILL), + MAKE_CAP(CAP_SETGID), + MAKE_CAP(CAP_SETUID), + MAKE_CAP(CAP_SETPCAP), + MAKE_CAP(CAP_LINUX_IMMUTABLE), + MAKE_CAP(CAP_NET_BIND_SERVICE), + MAKE_CAP(CAP_NET_BROADCAST), + MAKE_CAP(CAP_NET_ADMIN), + MAKE_CAP(CAP_NET_RAW), + MAKE_CAP(CAP_IPC_LOCK), + MAKE_CAP(CAP_IPC_OWNER), + MAKE_CAP(CAP_SYS_MODULE), + MAKE_CAP(CAP_SYS_RAWIO), + MAKE_CAP(CAP_SYS_CHROOT), + MAKE_CAP(CAP_SYS_PTRACE), + MAKE_CAP(CAP_SYS_PACCT), + MAKE_CAP(CAP_SYS_ADMIN), + MAKE_CAP(CAP_SYS_BOOT), + MAKE_CAP(CAP_SYS_NICE), + MAKE_CAP(CAP_SYS_RESOURCE), + MAKE_CAP(CAP_SYS_TIME), + MAKE_CAP(CAP_SYS_TTY_CONFIG), + MAKE_CAP(CAP_MKNOD...

This patchset applies to klibc mainline. As is it will probably collide with Maximilian's recent patch to rename run-init to switch_root posted last week. To boot an untrusted environment with certain capabilities locked out, we'd like to be able to drop the capabilities up front from early userspace, before we actually transition onto the root volume. This patchset implements this by