]>
Commit | Line | Data |
---|---|---|
6a930a95 BS |
1 | From: Andreas Gruenbacher <agruen@suse.de> |
2 | Subject: Disable file capabilities by default | |
3 | ||
4 | Disable file capabilities by default: we are still lacking documentation | |
5 | and file capability awareness in system management tools. | |
6 | ||
7 | Signed-off-by: Andreas Gruenbacher <agruen@suse.de> | |
8 | ||
9 | --- | |
10 | Documentation/kernel-parameters.txt | 2 +- | |
11 | kernel/capability.c | 2 +- | |
12 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
13 | ||
14 | --- a/Documentation/kernel-parameters.txt | |
15 | +++ b/Documentation/kernel-parameters.txt | |
16 | @@ -1410,7 +1410,7 @@ and is between 256 and 4096 characters. | |
17 | Format: {"0" | "1"} | |
18 | 0 -- ignore file capabilities. | |
19 | 1 -- honor file capabilities. | |
20 | - Default value is 1. | |
21 | + Default value is 0. | |
22 | ||
23 | nohalt [IA-64] Tells the kernel not to use the power saving | |
24 | function PAL_HALT_LIGHT when idle. This increases | |
25 | --- a/kernel/capability.c | |
26 | +++ b/kernel/capability.c | |
27 | @@ -34,7 +34,7 @@ EXPORT_SYMBOL(__cap_full_set); | |
28 | EXPORT_SYMBOL(__cap_init_eff_set); | |
29 | ||
30 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | |
31 | -int file_caps_enabled = 1; | |
32 | +int file_caps_enabled; | |
33 | ||
34 | static int __init setup_file_caps(char *str) | |
35 | { |