search for: drop_caps

...[-c consoledev] /real-root /sbin/init [args]\n", + "Usage: exec %s [-d caps] [-c consoledev] /real-root /sbin/init [args]\n", program); exit(1); } @@ -62,6 +63,7 @@ int main(int argc, char *argv[]) const char *realroot; const char *init; const char *error; + const char *drop_caps = NULL; char **initargs; /* Variables... */ @@ -70,9 +72,11 @@ int main(int argc, char *argv[]) /* Parse the command line */ program = argv[0]; - while ((o = getopt(argc, argv, "c:")) != -1) { + while ((o = getopt(argc, argv, "c:d:")) != -1) { if (o == 'c'...

...: exec %s [-d caps] [-c consoledev] /real-root /sbin/init [args]\n", + "Usage: exec %s [-d caps] [-c consoledev] [-n] /real-root /sbin/init [args]\n", program); exit(1); } @@ -64,6 +65,7 @@ int main(int argc, char *argv[]) const char *init; const char *error; const char *drop_caps = NULL; + bool dry_run = false; char **initargs; /* Variables... */ @@ -72,11 +74,13 @@ int main(int argc, char *argv[]) /* Parse the command line */ program = argv[0]; - while ((o = getopt(argc, argv, "c:d:")) != -1) { + while ((o = getopt(argc, argv, "c:d:n")) != -...

...age: exec %s [-d caps] [-c consoledev] [-n] /real-root /sbin/init [args]\n", ++ "Usage: exec %s [-d caps] [-c consoledev] [-n] [-p] /real-root /sbin/init [args]\n", + program); + exit(1); + } +@@ -69,6 +72,7 @@ int main(int argc, char *argv[]) + const char *error; + const char *drop_caps = NULL; + bool dry_run = false; ++ bool persist_initramfs = false; + char **initargs; + + /* Variables... */ +@@ -77,13 +81,15 @@ int main(int argc, char *argv[]) + /* Parse the command line */ + program = argv[0]; + +- while ((o = getopt(argc, argv, "c:d:n")) != -1) { ++ while ((o...

This patch adds the ability to kinit to allow the dropping of POSIX capabilities. kinit is modified by this change, such that it understands the new kernel command line "drop_capabilities=" that specifies a comma separated list of capability names that should be dropped before switching over to the next init in the boot strap (typically on the root disk). When processing capabilities

...quot;Usage: exec %s [-d caps] [-c consoledev] [-n] /real-root /sbin/init [args]\n", + "Usage: exec %s [-d caps] [-c consoledev] [-n] [-p] /real-root /sbin/init [args]\n", program); exit(1); } @@ -69,6 +72,7 @@ int main(int argc, char *argv[]) const char *error; const char *drop_caps = NULL; bool dry_run = false; + bool persist_initramfs = false; char **initargs; /* Variables... */ @@ -77,13 +81,15 @@ int main(int argc, char *argv[]) /* Parse the command line */ program = argv[0]; - while ((o = getopt(argc, argv, "c:d:n")) != -1) { + while ((o = getopt(a...

...quot;Usage: exec %s [-d caps] [-c consoledev] [-n] /real-root /sbin/init [args]\n", + "Usage: exec %s [-d caps] [-c consoledev] [-n] [-p] /real-root /sbin/init [args]\n", program); exit(1); } @@ -69,6 +72,7 @@ int main(int argc, char *argv[]) const char *error; const char *drop_caps = NULL; bool dry_run = false; + bool persist_initramfs = false; char **initargs; /* Variables... */ @@ -77,13 +81,15 @@ int main(int argc, char *argv[]) /* Parse the command line */ program = argv[0]; - while ((o = getopt(argc, argv, "c:d:n")) != -1) { + while ((o = getopt(a...

This patchset applies to klibc mainline. As is it will probably collide with Maximilian's recent patch to rename run-init to switch_root posted last week. To boot an untrusted environment with certain capabilities locked out, we'd like to be able to drop the capabilities up front from early userspace, before we actually transition onto the root volume. This patchset implements this by

...: exec %s [-d caps] [-c consoledev] /real-root /sbin/init [args]\n", + "Usage: exec %s [-d caps] [-c consoledev] [-n] /real-root /sbin/init [args]\n", program); exit(1); } @@ -64,6 +68,7 @@ int main(int argc, char *argv[]) const char *init; const char *error; const char *drop_caps = NULL; + bool dry_run = false; char **initargs; /* Variables... */ @@ -72,11 +77,13 @@ int main(int argc, char *argv[]) /* Parse the command line */ program = argv[0]; - while ((o = getopt(argc, argv, "c:d:")) != -1) { + while ((o = getopt(argc, argv, "c:d:n")) != -...

The following patches come from Debian and/or Ubuntu packages of klibc. Ben. Ben Hutchings (1): [klibc] run-init: Add dry-run mode Jay Vosburgh (1): [klibc] ipconfig: Use separate sockets for DHCP from multiple interfaces Mathieu Trudel-Lapierre (1): [klibc] ipconfig: Set broadcast when sending DHCPREQUEST and DHCPDISCOVER YunQiang Su (1): [klibc] mips: setjmp.S: don't

Hello, While some people might scuba dive, let's summarize recent progress and state (People cc'ed have either patches in queue or are involved): * Patches pending review, allmost ready for klibc ------------------------------------------------- - mikew/drop_cap - kinit: Add drop_capabilities support adds the ability to kinit to allow the dropping of POSIX capabilities. (patch even

Hello all, this patch allows master process to drop more root priveleges under Solaris. My limited testing shows that code works, but I'm not sure that defined privilege set is permissive enough for dovecot. Unfortunately I have no root access to our Solaris servers to really test it. So if someone is ready to test this patch please do it :) Best regards. -------------- next part

The stdio klibc branch got merged into klibc properly, meaning the I/O being buffered. klibc gained with it support for several stream functions. This massive work got authored by hpa. ipconfig saw several note worthy enhancement allowing the generation of a proper lease file. kinit added fs mount according to /etc/fstab or bootparam. Plus several arch fixes for the usual suspects: alpha, i386,