[OpenWrt-Devel] Enable security labels on ext4?
Etienne Champetier
champetier.etienne at gmail.com
Sun Nov 11 12:25:32 EST 2018
Hi Mike,
(resend as text as html mail are blocked)
Le sam. 10 nov. 2018 à 22:59, W. Michael Petullo <mike at flyn.org> a écrit :
>
> Capabilities are an important security mechanism on Linux because they
> allow programs to run with fewer privileges.
What you really want is ambient capabilities (Linux 4.3+), it allow
you to keep just some capabilities as non root and without filesystem
support, so this can be supported in all cases
Etienne
> I would like to propose that
> we enable security labels by default on filesystems like ext4. This is
> done by selecting the following kernel build option:
>
> File systems -> (The Extended 4 (ext4) filesystem) Ext4 Security
> Labels
>
> I have already submitted a pull request which should allow
> our build servers to provide the corresponding libcap utilities. See:
>
> https://github.com/openwrt/packages/pull/7368
>
> --
> Mike
>
> :wq
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list