Posts: 1,030 | Thanked: 792 times | Joined on Jun 2009
#6
qole;

Here's what I've done so far and what I suspect might bring it a bit closer.

Keep in mind, this is pure speculation as I have absolutely ZERO knowledge of Aegis, or any TCP.

We'll need to modify `/var/lib/aegis/restok/restok.conf` and insert a capability request for a single binary that will execute and drop into the chroot environment.

Code:
Package: qole
Source: com.nokia.maemo
Object: /opt/qole-chroot-exec
Request:
    UID::root
    GID::disk
    CAP::sys_chroot
    CAP::fowner
    CAP::fsetid
    CAP::chown
    CAP::sys_admin
    CAP::dac_override
Policy: add
and then run `aegis-loader` to reload the configuration file. More capabilities might be needed, such as sys_mknod, sys_resource or rawio, and you may have to register through D-Bus in order for it all to work?

Once /opt/qole-chroot-exec is run, it will eventually request capabilities from Aegis and, presumably, if running in "relaxed mode", it will authorize the above capabilities under suidroot (uid 0) for the unsigned binary, allowing for a rudimentary root change. Whether or not you can exec binaries after that is a piss in the wind.

I don't know the flow of the TC implementation, so again this is just how I imagine it might work. It's all negated if injecting into com.nokia.* requires signatures.

See https://meego.gitorious.org/meego-pl.../credp/credp.c for what looks like how restok is handled when setting policy credentials and a bit more of what happens.

Last edited by hawaii; 2011-08-09 at 17:29.
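Added example (not from hawaii's post, and not Aegis or Maemo code): a minimal version of the `/opt/qole-chroot-exec` helper that the post's restok.conf entry is meant to grant credentials to. Before touching anything it reads its own CapEff from `/proc/self/status` and checks that the CAP:: entries from the post's Request: block were actually granted, since that is the first thing to verify when guessing at the Aegis policy format; it then chroots and execs a shell. The chroot directory `/home/user/chroot` and the capability-mask helpers are assumptions of this example.

```c
/*
 * Added example, not the post's or Aegis's own code. Checks the effective
 * capability set against the CAP:: entries the post requests, then chroots
 * and execs a shell. /home/user/chroot is an assumed chroot location.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Capability bit numbers, as defined in linux/capability.h. */
enum {
    CAP_CHOWN_BIT = 0, CAP_DAC_OVERRIDE_BIT = 1, CAP_FOWNER_BIT = 3,
    CAP_FSETID_BIT = 4, CAP_SYS_CHROOT_BIT = 18, CAP_SYS_ADMIN_BIT = 21
};

/* The CAP:: lines from the post's Request: block, in the same order. */
static const int REQUESTED_CAPS[] = {
    CAP_SYS_CHROOT_BIT, CAP_FOWNER_BIT, CAP_FSETID_BIT,
    CAP_CHOWN_BIT, CAP_SYS_ADMIN_BIT, CAP_DAC_OVERRIDE_BIT
};
#define N_REQUESTED (sizeof REQUESTED_CAPS / sizeof REQUESTED_CAPS[0])

/* Is bit `cap` set in a CapEff-style hex mask such as "0000003fffffffff"?
 * Returns 1 if set, 0 if clear or if the mask does not parse. */
int capmask_has(const char *hex, int cap)
{
    char *end;
    unsigned long long mask;
    if (!hex || cap < 0 || cap > 63) return 0;
    errno = 0;
    mask = strtoull(hex, &end, 16);
    if (errno != 0 || end == hex) return 0;
    return (int)((mask >> cap) & 1ULL);
}

/* Count how many of `caps` are absent from the hex mask `hex`. */
int count_missing_caps(const char *hex, const int *caps, size_t n)
{
    int missing = 0;
    for (size_t i = 0; i < n; i++)
        if (!capmask_has(hex, caps[i])) missing++;
    return missing;
}

/* Copy this process's CapEff value from /proc/self/status into `out`.
 * Returns 0 on success, -1 if /proc or the CapEff line is unavailable. */
int read_effective_capmask(char *out, size_t outlen)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int found = -1;
    if (!f || outlen == 0) { if (f) fclose(f); return -1; }
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            const char *p = line + 7;
            while (*p == ' ' || *p == '\t') p++;
            size_t n = strcspn(p, "\n");
            if (n >= outlen) n = outlen - 1;
            memcpy(out, p, n);
            out[n] = '\0';
            found = 0;
            break;
        }
    }
    fclose(f);
    return found;
}

/* Make `dir` the new root. chroot() needs CAP_SYS_CHROOT. The chdir("/")
 * afterwards is essential: without it the cwd stays outside the jail and a
 * ".." walk escapes it. Returns 0, or -1 with errno set. */
int enter_chroot(const char *dir)
{
    struct stat st;
    if (!dir || dir[0] != '/') { errno = EINVAL; return -1; }
    if (stat(dir, &st) != 0) return -1;
    if (!S_ISDIR(st.st_mode)) { errno = ENOTDIR; return -1; }
    if (chroot(dir) != 0) return -1;
    if (chdir("/") != 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *root = argc > 1 ? argv[1] : "/home/user/chroot"; /* assumed */
    char caps[64];

    if (read_effective_capmask(caps, sizeof caps) == 0) {
        int missing = count_missing_caps(caps, REQUESTED_CAPS, N_REQUESTED);
        if (missing)
            fprintf(stderr, "warning: %d of %zu requested capabilities missing (CapEff=%s)\n",
                    missing, (size_t)N_REQUESTED, caps);
        if (!capmask_has(caps, CAP_SYS_CHROOT_BIT)) {
            fprintf(stderr, "no CAP_SYS_CHROOT in CapEff, chroot() would fail\n");
            return 1;
        }
    }
    if (enter_chroot(root) != 0) {
        fprintf(stderr, "chroot %s: %s\n", root, strerror(errno));
        return 1;
    }
    /* Whatever credentials were granted to this binary carry over into the shell. */
    execl("/bin/sh", "sh", "-l", (char *)NULL);
    perror("exec /bin/sh");
    return 1;
}
```

Run it as `/opt/qole-chroot-exec /path/to/chroot` after loading the policy; the warning line tells you directly whether the Request: block was honoured or silently ignored, which is the quickest way to find out whether the unsigned-binary assumption holds.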