[OpenWrt-Devel] Enable security labels on ext4?

Etienne Champetier champetier.etienne at gmail.com
Sun Nov 11 12:25:32 EST 2018


Hi Mike,

(resending as text, as HTML mails are blocked)

On Sat, Nov 10, 2018 at 22:59, W. Michael Petullo <mike at flyn.org> wrote:
>
> Capabilities are an important security mechanism on Linux because they
> allow programs to run with fewer privileges.

What you really want is ambient capabilities (Linux 4.3+); they allow
you to keep just some capabilities as non-root and without filesystem
support, so this can be supported in all cases.

Etienne

> I would like to propose that
> we enable security labels by default on filesystems like ext4. This is
> done by selecting the following kernel build option:
>
>         File systems -> (The Extended 4 (ext4) filesystem) Ext4 Security
>         Labels
>
> I have already submitted a pull request which should allow
> our build servers to provide the corresponding libcap utilities. See:
>
>         https://github.com/openwrt/packages/pull/7368
>
> --
> Mike
>
> :wq
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
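
The ambient-capability approach mentioned in the reply, sketched as a small launcher. This is an added example, not code from the thread or from OpenWrt; the function names `keep_only_ambient` and `drop_root_keep_cap` are hypothetical, and `CAP_NET_BIND_SERVICE` is chosen only for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Shrink permitted/effective/inheritable to `cap` alone, then raise it in the
 * ambient set. Returns 0 on success, -1 if the kernel refuses (cap not in the
 * permitted set, kernel older than 4.3, or ambient raising locked). */
int keep_only_ambient(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0, 0, 0 }, { 0, 0, 0 } };
    unsigned int bit = 1u << (cap % 32);
    data[cap / 32].permitted = data[cap / 32].effective = bit;
    data[cap / 32].inheritable = bit; /* ambient needs permitted AND inheritable */
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;
    return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0) == 0 ? 0 : -1;
}

/* Drop from root to uid/gid, keeping only `cap`. Must be called as root. */
int drop_root_keep_cap(uid_t uid, gid_t gid, int cap)
{
    /* Without KEEPCAPS the permitted set is cleared when the UID leaves 0. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* The UID change always clears the ambient set, so raise it afterwards. */
    return keep_only_ambient(cap);
}

int main(int argc, char **argv)
{
    if (argc < 4)
        return 2; /* usage: UID GID PROG [ARGS...] */
    if (drop_root_keep_cap((uid_t)atoi(argv[1]), (gid_t)atoi(argv[2]),
                           CAP_NET_BIND_SERVICE) != 0) {
        perror("drop_root_keep_cap");
        return 1;
    }
    /* Ambient caps survive execve() of a file with no setuid bit or file caps. */
    execvp(argv[3], &argv[3]);
    perror("execvp");
    return 1;
}
```

The exec'd program can be checked with `grep Cap /proc/self/status`: `CapAmb` should show only the kept bit, with no `security.capability` xattr on the binary.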
