Re: Capabilities

From: Chris Evans (chris@ferret.lmh.ox.ac.uk)
Date: Thu Feb 10 2000 - 17:58:24 EST


On Thu, 10 Feb 2000, Matthew Kirkwood wrote:

[this is about a proposed new piece of capabilities functionality]

> Don't claim that this is complexity. A(n untested) patch to
> implement it is appended to this email. It really is that
> easy.

Of course it is complexity! The size of patch is irrelevant. The issue is
that we've added another setting, yet another variable to the capabilities
subsystem. And it is an unneccessary variable.

> > We don't want to introduce temporary kernel tweaks between now and
> > such time as we have filesystem support for capabilities, because then
> > people will _use_ that support and we could get stuck with it.
>
> The all-powerful-root legacy is so great that the additional
> hassle of rooting out problems caused by this change are far,
> far outweighed by its usefulness, IMHO.

If you are impatient for filesystem capabilities support (as am I), the
same effect can be achieved by using the libcap library from within
privileged programs. Using this method, or proper filesystem capabilities
when they become available, you get per-program control rather than
per-system

Cheers
Chris

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:18 EST