Nginx-ru mailing list archive (nginx-ru@sysoev.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 2/2] Setting more capabilities(CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH and CAP_SETUID).
At Fri, 20 Mar 2009 15:05:24 +0300,
Igor Sysoev <is@xxxxxxxxxxxxx> wrote:
>
>
> Почему потеряем upgrade ? CAP_INHERITABLE разве не передаст bind capability
> новому бинарнику ?
>
Передаст. Можно его потерять если администратор не разрулит ситуацию с
переименованием pid'а. Это я не досказал мысль.
--
wbr, Kirill
- References:
- [PATCH] Start use capabilities on linux
- From: Kirill A. Korinskiy
- Re: [PATCH 2/2] Setting more capabilities(CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH and CAP_SETUID).
- Re: [PATCH 2/2] Setting more capabilities(CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH and CAP_SETUID).
- Re: [PATCH 2/2] Setting more capabilities(CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH and CAP_SETUID).
- Re: [PATCH 2/2] Setting more capabilities(CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH and CAP_SETUID).
- Re: [PATCH 2/2] Setting more capabilities(CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH and CAP_SETUID).
- From: Kirill A . Korinskiy
- Re: [PATCH 2/2] Setting more capabilities(CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH and CAP_SETUID).
|
