Re: xdg-app without setuid
- From: Alexander Larsson <alexl redhat com>
- To: gnome-os-list gnome org
- Subject: Re: xdg-app without setuid
- Date: Fri, 29 May 2015 10:48:52 +0200
On Thu, 2015-05-28 at 22:31 +0200, Alexander Larsson wrote:
> I just pushed some changes to make xdg-app use user namespaces, which
> means it does not require any elevated permissions like setuid or
> setcap.
>
> I need to do some more testing on it to make sure nothing broke, but it
> seems to work for me.
>
> However, there is an issue with some 4.0.x kernels, where it causes a
> panic. For fedora this is fixed in the 4.0.4-302 kernel (and it works
> with previous 3.19 kernels). If you want to test this, make sure you
> have a new enough or old enough kernel.

I added back the old setuid implementation if you pass --disable-userns
to configure, since some old distros don't have user namespaces.

However, my recommendation is for everyone that can to use the user
namespace implementation, it is less risky as there are no increased
privileges needed.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl redhat com alexander larsson gmail com
He's a deeply religious crooked vampire hunter who dotes on his loving
old ma. She's a mentally unstable red-headed research scientist with a
song in her heart and a spring in her step. They fight crime!