Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Allow the use of capabilities over setuid bit #121
Conversation
Conan-Kudo
commented
Aug 26, 2016
|
|
|
This should be fine. I wanted to make sure that AT_SECURE was still set when using 'setcap cap_sys_admin=pe ...' since with recent changes to use 'change_profile unsafe...' we are relying secure exec to be set so the the variables are be cleared. Simple test:
|
zyga
merged commit 42ef2c5
into
master
Sep 12, 2016
1 check passed
continuous-integration/travis-ci/pr
The Travis CI build passed
Details
zyga
deleted the
caps
branch
Sep 12, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
zyga commentedAug 26, 2016
This patch adds a build-time configuration option
"--enable-caps-over-setuid" that allows distributors that wish to use
filesystem capabilities to do that instead of using setuid root
executables.
The actual change disables a fragment that checked if the user runs as
root and tweaks installation. It got minimal testing on Fedora 24.
Fixes: https://bugs.launchpad.net/snap-confine/+bug/1615610
Signed-off-by: Zygmunt Krynicki zygmunt.krynicki@canonical.com