> > In include/linux/capability.h, CAP_CHOWN is said to allow overriding
> > giving away a file if _POSIX_CHOWN_RESTRICTED is defined. We don't have
> > _POSIX_CHOWN_RESTRICTED defined (or tested) but CAP_CHOWN does override the
> > restriction of allowing the giving away of a file.
> >
> > Which should it be: Linux always prohibits giving away files and CAP_CHOWN
> > overrides that, or should we be checking for _POSIX_CHOWN_RESTRICTED and
> > disallowing it if set, else permitting?
>
> The C library header files should define _POSIX_CHOWN_RESTRICTED.
> (user apps then use #ifdef to adjust for implementation features)
>
> Most likely, the glibc headers define this somewhere.
> Try looking in <unistd.h>, <stddef.h>, and similar headers.
---------
What is implemented or defined in libc is not relevant
from the kernel's perspective. In this case, CAP_CHOWN allows sys_chown
to give away files regardless of _POSIX_CHOWN_RESTRICTED.
Also, another ... CAP_DAC_READ_SEARCH is documented to override
ACLs, but ACLs aren't implemented, so currently the reference is
misleading. It is also documented to not override DAC access
covered by IMMUTABLE. While this is true, again -- it's not
relevant since READ_SEARCH only covers reading -- while IMMUTABLE
covers writing. It would be saying 'the read permission bit
does not exclude DAC covered by the write permission bit'. Like
"duh". :-)
-l
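As an added illustration (not part of the original mail or of the kernel source), the program below models the rule the reply describes: the kernel never consults _POSIX_CHOWN_RESTRICTED, a file can only be given away by a caller holding CAP_CHOWN, and chgrp is limited to the owner moving the file into one of the caller's own groups. The pure function chown_allowed() follows the shape of the inode_change_ok() check in fs/attr.c of that era; the struct and function names, the demo uids/gids and the probe helper are this example's own. probe_giveaway() exercises the real chown(2) on a temp file so you can see the EPERM for yourself as an unprivileged user.

```c
/* Added example: model of the Linux chown/chgrp permission rule, plus a
 * live probe. Names (struct caller, chown_allowed, probe_giveaway) and the
 * demo uid/gid values are constructed for this example. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

struct caller {
    uid_t fsuid;            /* filesystem uid of the calling process */
    const gid_t *groups;    /* egid plus supplementary groups */
    size_t ngroups;
    int cap_chown;          /* 1 if the process holds CAP_CHOWN */
};

static int in_group(const struct caller *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return 1;
    return 0;
}

/* Returns 0 if the change is permitted, EPERM otherwise. new_uid/new_gid of
 * (uid_t)-1 / (gid_t)-1 mean "leave unchanged", as in chown(2). The rule
 * does not look at _POSIX_CHOWN_RESTRICTED at all: only CAP_CHOWN matters. */
static int chown_allowed(const struct caller *c, uid_t file_uid, gid_t file_gid,
                         uid_t new_uid, gid_t new_gid)
{
    if (c->cap_chown)
        return 0;                       /* CAP_CHOWN overrides both rules */
    /* chown: only the owner may call it, and only to keep the same owner,
     * so giving a file away is always refused without CAP_CHOWN */
    if (new_uid != (uid_t)-1 &&
        (c->fsuid != file_uid || new_uid != file_uid))
        return EPERM;
    /* chgrp: the owner may move the file to a group the caller belongs to */
    if (new_gid != (gid_t)-1 &&
        (c->fsuid != file_uid ||
         (!in_group(c, new_gid) && new_gid != file_gid)))
        return EPERM;
    return 0;
}

/* Demo principals (constructed): an ordinary user in gids 100 and 200,
 * and a process that holds CAP_CHOWN. */
static const gid_t demo_groups[] = { 100, 200 };
static const struct caller demo_user = { 1000, demo_groups, 2, 0 };
static const struct caller demo_cap  = { 1000, demo_groups, 2, 1 };

/* Live probe: create a temp file and try to hand it to another uid.
 * Returns the errno from chown(2), 0 on success, -1 if setup failed. */
static int probe_giveaway(uid_t other_uid)
{
    char path[] = "/tmp/chown-probe-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    close(fd);
    int rc = chown(path, other_uid, (gid_t)-1);
    int err = rc == 0 ? 0 : errno;
    unlink(path);
    return err;
}

int main(void)
{
    uid_t me = geteuid();
    uid_t other = me == 0 ? 1 : 0;   /* any uid that is not ours */
    int err = probe_giveaway(other);
    if (err == -1)
        perror("mkstemp");
    else
        printf("euid %u giving a file to uid %u: %s\n", (unsigned)me,
               (unsigned)other,
               err == 0 ? "allowed (caller holds CAP_CHOWN)" : strerror(err));
    return 0;
}
```

Run it as a normal user and the probe reports EPERM; run it as root (or with CAP_CHOWN in a capability bounding set that still contains it) and the give-away succeeds, which is exactly the behaviour the reply attributes to the kernel independent of any libc definition.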
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed May 24 2000 - 00:32:44 EDT