[klibc] [PATCH v1 0/2] Support dropping of capabilities from early userspace.
mikew at google.com
Tue Jul 19 13:38:43 PDT 2011
This patchset applies to klibc mainline. As is it will probably collide
with Maximilian's recent patch to rename run-init to switch_root posted
To boot an untrusted environment with certain capabilities locked out,
we'd like to be able to drop the capabilities up front from early
userspace, before we actually transition onto the root volume.
This patchset implements this by adding a "drop capabilities" ability to
both kinit and run-init in the klibc package. For kinit, it now
understands a new kernel command line option, "drop_capabilities" that
specifies a comma-separated list of capability names that should be
dropped right before execing the next init binary on the next root
run-init also has the ability to use this drop_capabilities function by
specifying capabilities that should be dropped with a new command line
Given that this patchset is meant to help secure boots, we treat any
errors as total failure to boot by exiting the process with a failing
- Thread discussing my wanting to compile out kernel interfaces that
we do not want to expose to the userspace environment, with Alan
Cox convincing me that I really just want to disable certain
syscalls: Add capset and capget
run-init: Add drop_capabilities support.
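As an added example (not code from this patchset or from klibc), the shape of the parse-then-drop step the cover letter describes: a comma-separated capability list is turned into a mask, and each named capability is removed from the bounding set before the next init is execed, with any unknown name or failed drop treated as fatal. The capability table, the name-to-number mapping and the use of prctl(PR_CAPBSET_DROP) are my assumptions, not klibc's implementation.

```c
/* Added example, not klibc code: parse a "drop_capabilities=" style list,
 * then drop each named capability from the bounding set. Linux only. */
#include <stdint.h>
#include <string.h>
#include <sys/prctl.h>

struct cap_name { const char *name; int bit; };

/* Partial table (constructed for the example) using kernel ABI numbers;
 * a real implementation lists every capability the kernel defines. */
static const struct cap_name cap_table[] = {
    { "CAP_NET_ADMIN",  12 }, { "CAP_NET_RAW",    13 }, { "CAP_SYS_MODULE", 16 },
    { "CAP_SYS_RAWIO",  17 }, { "CAP_SYS_PTRACE", 19 }, { "CAP_SYS_ADMIN",  21 },
    { "CAP_SYS_BOOT",   22 }, { "CAP_MKNOD",      27 },
};

/* Fill *mask with one bit per named capability. Returns 0 on success and
 * -1 if any entry is unknown or empty: fail closed rather than boot. */
int parse_drop_capabilities(const char *list, uint64_t *mask)
{
    *mask = 0;
    while (*list) {
        const char *end = strchr(list, ',');
        size_t len = end ? (size_t)(end - list) : strlen(list);
        int found = 0;
        for (size_t i = 0; i < sizeof cap_table / sizeof cap_table[0]; i++) {
            if (strlen(cap_table[i].name) == len &&
                strncmp(cap_table[i].name, list, len) == 0) {
                *mask |= 1ULL << cap_table[i].bit;
                found = 1;
                break;
            }
        }
        if (!found) return -1;
        if (!end) break;
        list = end + 1;
    }
    return 0;
}

/* Remove every capability in mask from the bounding set so the init binary
 * execed next cannot regain it. Needs CAP_SETPCAP; -1 on first failure. */
int drop_capabilities(uint64_t mask)
{
    for (int cap = 0; cap < 64; cap++)
        if ((mask & (1ULL << cap)) && prctl(PR_CAPBSET_DROP, cap, 0, 0, 0))
            return -1;
    return 0;
}
```

A caller in the kinit position would parse the option, abort the boot on -1, then call drop_capabilities() and again abort on -1 before execve() of the next init.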