1 From: Andreas Gruenbacher <agruen@suse.de>
2 Subject: Disable file capabilities by default
4 Disable file capabilities by default: we are still lacking documentation
5 and file capability awareness in system management tools.
7 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
10 Documentation/kernel-parameters.txt | 2 +-
11 kernel/capability.c | 2 +-
12 2 files changed, 2 insertions(+), 2 deletions(-)
14 --- a/Documentation/kernel-parameters.txt
15 +++ b/Documentation/kernel-parameters.txt
16 @@ -1403,7 +1403,7 @@ and is between 256 and 4096 characters.
18 0 -- ignore file capabilities.
19 1 -- honor file capabilities.
23 nohalt [IA-64] Tells the kernel not to use the power saving
24 function PAL_HALT_LIGHT when idle. This increases
25 --- a/kernel/capability.c
26 +++ b/kernel/capability.c
27 @@ -34,7 +34,7 @@ EXPORT_SYMBOL(__cap_full_set);
28 EXPORT_SYMBOL(__cap_init_eff_set);
30 #ifdef CONFIG_SECURITY_FILE_CAPABILITIES
31 -int file_caps_enabled = 1;
32 +int file_caps_enabled;
34 static int __init setup_file_caps(char *str)