OS-3951: lxbrand convert capabilities syscalls to IKE

Details

Issue Type: Bug
Priority: 4 - Normal
Status: Open
Created at: 2015-02-27T15:55:38.000Z
Updated at: 2019-08-28T17:20:22.697Z

People

Created by: Former user
Reported by: Former user

Labels

lxbrand

Description

Doing so would eliminate some of the racy code and probably make it easier to implement some of the features we lack today.

Comments

Comment by Former user
Created at 2016-08-18T20:47:41.000Z

While chatting with Jerry about this, one idea that came up was the concept of a branded cred_t. That might be a neat way to ensure that restrictions established in LX processes aren't stripped away via a trip through a native exec() or something.