Hi!
> [snip]
> > Well, there's a trade off here. If you could have 32 bits basically
> > almost right away, and more would take longer, which would you choose?
> > Also, keep in mind that more bits is not necessarily good. There is a
> > *huge* complexity cost in maintaining capabilities. People have enough
> > trouble keeping track of the 12 bits of permissions on a per file
> > basis. This adds one or two orders of magnitude of more bits for every
> > executable.
> [snip]
>
> Figured I peep in here. I'm running a system that makes heavy use of caps.
> Every daemon is in a chroot jail, every processes that needs more then
> normal user access, uses capabilities. I've even globally droped some caps
> (the rawio/blockdevice cap provided by a patch).
Please take a look at
http://atrey.karlin.mff.cuni.cz/~pavel/caps/capbase.html, and look if
you could add some information.
Pavel
-- I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care." Panos Katsaloulis describing me w.r.t. patents me at discuss@linmodems.org- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:23 EST