Displaying 2 results from an estimated 2 matches for "usermodehelp".
Did you mean:
usermodehelper
2011 Aug 03
1
[PATCH v2] kinit: Add drop_capabilities support.
...ppens in three parts. We explicitly drop the
capability from init's inherited masks. We also drop the capability
from the bounding set using PR_CAPBSET_DROP so that later setuid execs
are bounded. Lastly, we drop the capabilities from the bset and
inheritted masks exposed at /proc/sys/kernel/usermodehelper if available
(introduced in Linux v3.0.0).
In all paths, we treat errors as fatal, as we do not want to continue to
boot if there was a problem dropping capabilities. We fail because the
new drop_capabilities= option on the command line mandates enforcement
of a security policy, and we should e...
2011 Jul 19
4
[PATCH v1 0/2] Support dropping of capabilities from early userspace.
This patchset applies to klibc mainline. As is it will probably collide
with Maximilian's recent patch to rename run-init to switch_root posted
last week.
To boot an untrusted environment with certain capabilities locked out,
we'd like to be able to drop the capabilities up front from early
userspace, before we actually transition onto the root volume.
This patchset implements this by