Changeset 2293


Ignore:
Timestamp:
Aug 8, 2012, 11:15:29 AM (9 years ago)
Author:
ezyang
Message:
File capabilities respect nosuid too (https://github.com/torvalds/linux/blob/v3.5/security/commoncap.c#L434), so omit /var/lib/mock fscap files too.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/server/fedora/config/etc/cron.d/check-filecaps

    r2066 r2293  
    11MAILTO=scripts-root@mit.edu
    2 27 5 * * * root find / -xdev -not -perm -o=x -prune -o -type f -print0 | xargs -0r /usr/sbin/getcap | cut -d' ' -f1 | grep -Fxvf /etc/scripts/allowed-filecaps.list | sed 's/^/Extra file_caps binary: /'
     227 5 * * * root find / -xdev -not -perm -o=x -prune -o -type f -print0 | xargs -0r /usr/sbin/getcap | cut -d' ' -f1 | grep -Fxvf /etc/scripts/allowed-filecaps.list | grep -ve ^/var/lib/mock/ | sed 's/^/Extra file_caps binary: /'
Note: See TracChangeset for help on using the changeset viewer.