src/patches/suse-2.6.27.25/patches.suse/file-capabilities-disable-by-default.diff

   1 From: Andreas Gruenbacher <agruen@suse.de>
   2 Subject: Disable file capabilities by default
   3
   4 Disable file capabilities by default: we are still lacking documentation
   5 and file capability awareness in system management tools.
   6
   7 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
   8
   9 ---
  10  Documentation/kernel-parameters.txt |    2 +-
  11  kernel/capability.c                 |    2 +-
  12  2 files changed, 2 insertions(+), 2 deletions(-)
  13
  14 --- a/Documentation/kernel-parameters.txt
  15 +++ b/Documentation/kernel-parameters.txt
  16 @@ -1403,7 +1403,7 @@ and is between 256 and 4096 characters.
  17                         Format: {"0" | "1"}
  18                         0 -- ignore file capabilities.
  19                         1 -- honor file capabilities.
  20 -                       Default value is 1.
  21 +                       Default value is 0.
  22
  23         nohalt          [IA-64] Tells the kernel not to use the power saving
  24                         function PAL_HALT_LIGHT when idle. This increases
  25 --- a/kernel/capability.c
  26 +++ b/kernel/capability.c
  27 @@ -34,7 +34,7 @@ EXPORT_SYMBOL(__cap_full_set);
  28  EXPORT_SYMBOL(__cap_init_eff_set);
  29
  30  #ifdef CONFIG_SECURITY_FILE_CAPABILITIES
  31 -int file_caps_enabled = 1;
  32 +int file_caps_enabled;
  33
  34  static int __init setup_file_caps(char *str)
  35  {