lcap
Ken D'Ambrosio
ken at jots.org
Wed Apr 7 09:46:45 EDT 2010
On Wed, April 7, 2010 9:40 am, Susan Cragin wrote:
> Wild guess...
> I bet that was when the standard security commands in Ubuntu got replaced
> with the security commands of SE Linux.
> http://en.wikipedia.org/wiki/Security-Enhanced_Linux
I bet your rationale is right, but from a specifics standpoint, wouldn't
that be AppArmor? I know that SE Linux is supported (as of 8.04) for
Ubuntu, but I believe that AppArmor is the default security mechanism.
-Ken
>
>
>
>
> -----Original Message-----
>
>> Hi,
>>
>>
>> I was doing a bit of catching up on security issues on Linux, and I
>> noticed on Ubuntu 9.10 that the lcap command that used to be available
>> about five years ago seems to have disappeared.
>>
>> lcap and its friends used to allow you to turn off capabilities in the
>> kernel so once you had made your files immutable with chattr you could
>> stop people from changing the immutable permissions again (until you
>> rebooted) by removing the ability of the kernel to change the
>> "immutable" flag.
>>
>>
>> Has lcap functionality been deprecated? Is there some other method of
>> controlling this? Is libcap-2 (sucap, execap, getpcaps, setpcaps) now
>> the preferred mechanism? I do not seem to find much "support" or
>> information for libcap-2 either, at least in Ubuntu, but then again I
>> am looking at the desktop version and not the server version.
>>
>> Thanks,
>>
>>
>> md
>
>
>
> _______________________________________________
> gnhlug-discuss mailing list gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is believed to be clean.
>
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the gnhlug-discuss
mailing list