Displaying 3 results from an estimated 3 matches for "trim_capabilities".
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Apologies for v3 series, I had some extra patches in there. This is
the one that should have been sent. Relabeled as v4 for clarity.
Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.
Also, I've added a patch to make cifs.upcall drop
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.
Also, I've added a patch to make cifs.upcall drop capabilities before
doing most of its work. This may help reduce the attack surface of the
program.
Jeff Layton (4):
cifs.upcall: convert
2017 Mar 02
0
cifs-utils release 6.7 ready for download
...uthor: Jeff Layton <jlayton at samba.org>
Date: Thu Feb 16 09:55:45 2017 -0500
cifs.upcall: trim even more capabilities
We really only need CAP_DAC_READ_SEARCH, not CAP_DAC_OVERRIDE, and
only when we are going to probe the environ file.
Also, fix the non-libcap-ng trim_capabilities prototype.
Reviewed-by: Simo Sorce <simo at redhat.com>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit 912cbe49114392bd7c375c4c37698d406eb0660e
Author: Jeff Layton <jlayton at samba.org>
Date: Thu Feb 23 18:49:59 2017 -0500
data_blob: remove need for...