[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1239827033.32604.167.camel@nimitz>
Date: Wed, 15 Apr 2009 13:23:53 -0700
From: Dave Hansen <dave@...ux.vnet.ibm.com>
To: Alexey Dobriyan <adobriyan@...il.com>
Cc: "Serge E. Hallyn" <serue@...ibm.com>, xemul@...allels.com,
containers@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org, hch@...radead.org,
akpm@...ux-foundation.org, torvalds@...ux-foundation.org,
mingo@...e.hu
Subject: Re: CAP_SYS_ADMIN on restart(2) (was: Re: [PATCH 00/30] C/R
OpenVZ/Virtuozzo style)
On Wed, 2009-04-15 at 23:21 +0400, Alexey Dobriyan wrote:
> Is sysctl to control CAP_SYS_ADMIN on restart(2) OK?
If the point is not to let users even *try* restarting things if it
*might* not work, then I guess this might be reasonable.
If the goal is to increase security by always requiring CAP_SYS_ADMIN
for "dangerous" operations, I fear it will be harmful. We may have
people adding features that are not considering the security impact of
what they're doing just because the cases they care about all require
privilege.
What would the goal be?
-- Dave
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists