linux-security-module January 2008 archive

[PATCH 2/4] containers: add CAP_NS_OVERRIDE capability

From: Serge E. Hallyn <serue_at_nospam>
Date: Mon Jan 28 2008 - 19:09:40 GMT
To: "Serge E. Hallyn" <serue@us.ibm.com>


>From ce1cf14000860f82ab59a5253bbe468da767e77f Mon Sep 17 00:00:00 2001
From: sergeh@us.ibm.com <sergeh@us.ibm.com>
Date: Wed, 28 Nov 2007 18:52:28 -0800
Subject: [PATCH 2/4] containers: add CAP_NS_OVERRIDE capability

containers: add CAP_NS_OVERRIDE capability

Signed-off-by: sergeh@us.ibm.com <hallyn@kernel.(none)> --- include/linux/capability.h | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability.h index 7d50ff6..58bc24e 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -332,7 +332,14 @@ typedef struct kernel_cap_struct { #define CAP_MAC_ADMIN 33 -#define CAP_LAST_CAP CAP_MAC_ADMIN +/* Allow acting on resources in another namespace. In + particular: + 1. when combined with CAP_KILL, kill users in another + user namespace + */ +#define CAP_NS_OVERRIDE 34 + +#define CAP_LAST_CAP CAP_NS_OVERRIDE #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) -- 1.5.1 - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
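
Review bot: The comment above `#define CAP_NS_OVERRIDE 34` defines the capability as "acting on resources in another namespace", which is open-ended, while the only concrete use it lists is the CAP_KILL case across user namespaces. Please state which namespace types and which permission checks are meant to honor this bit, so the definition cannot be read as authorizing any cross-namespace action and later callers have a documented boundary to check against. The changelog body only repeats the subject line; a sentence on why a new capability is needed and how it interacts with CAP_KILL would make the intent reviewable. The Signed-off-by address `hallyn@kernel.(none)` also differs from the From address and looks like an unconfigured git identity, which is worth correcting before a resend.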