Bug 558612

Summary: Tracker for improvements based on restricted capabilities
Product: [Fedora] Fedora Reporter: Miloslav Trmač <mitr>
Component: distributionAssignee: Miloslav Trmač <mitr>
Status: CLOSED WONTFIX QA Contact: Bill Nottingham <notting>
Severity: low Docs Contact:
Priority: low    
Version: 13CC: dcantrell, rvokal, sgrubb
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-07-02 13:13:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 558614    
Bug Blocks:    

Description Miloslav Trmač 2010-01-25 20:00:01 UTC 
This page tracks possible improvements to Fedora's security based on restricted POSIX capabilities.

See https://fedoraproject.org/wiki/Features/LowerProcessCapabilities , https://fedoraproject.org/wiki/Features/ProtectingBinariesUsingCapabilities for rationale.
Comment 1 Bug Zapper 2010-03-15 14:13:19 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 13 development cycle.
Changing version to '13'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 2 Miloslav Trmač 2010-07-02 13:13:48 UTC 
I don't plan to implement these changes any more - in particular because the file owner can change the permissions without CAP_DAC_OVERRIDE.