git.ipfire.org Git - people/amarx/ipfire-3.x.git/commit

]> git.ipfire.org Git - people/amarx/ipfire-3.x.git/commit

projects / people / amarx / ipfire-3.x.git / commit

author	Michael Tremer <michael.tremer@ipfire.org>
	Sun, 22 Apr 2012 12:26:16 +0000 (14:26 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Sun, 22 Apr 2012 12:26:16 +0000 (14:26 +0200)
commit	920b801b6e82dcc46a2d52e52167d977e281b5a6
tree	0937df9b1548e2b91f9227c9ebfd67cc5429d060	tree \| snapshot
parent	a383339280029fd4ef8a1fe494f9f0447540ab88	commit \| diff

kernel: Re-enable capabilities in chroots.

The grsecurity patch creates an option to disallow using most
of the capabilities. This is good to deny non-root users
to allow changing networking stuff (NET_ADMIN) and more.

However, we make a lot use of chroots, but to keep the chrooted
services able to their things, we need to give them the rights
to do so.

The change requires to change the grsecurity security level
option from HIGH to CUSTOM.

kernel/config-armv7hl-omap		diff \| blob \| blame \| history
kernel/config-generic		diff \| blob \| blame \| history
kernel/config-x86-generic		diff \| blob \| blame \| history
kernel/kernel.nm		diff \| blob \| blame \| history

Alex's tree of IPFire 3.x

RSS Atom