"Khimenko Victor" <khim@sch57.msk.ru> said:
[...]
> IMNSHO trusted mode or untrusted mode should be filesystem flag: in trusted
> mode LOTS of programs should be configured differently. Perhaps mount option
> will be enough. It's NOT system-wide issue, rather filesystem-wide (kernel
> works in trusted mode even now (modulo things like mtrr not yet converted to
> capabilities), just exec part work in non-trusted mode...
I fail to see the connection between filesystem and proceses being able (or
not) to bind to a low port, for instance. OK, so if your httpd resides on
FAT, it has no capabilities and won't work at all. Big deal. OTOH, a mount
flag in the vein of suid or dev is mandatory to ensure nobody smuggles in a
capable binary from elsewhere by mounting a floppy...
But AFAIKS capabilities is a systemwide decision. And even if it wasn't,
binding this to the specific filesystem (or mount flags) is extra
complexity, both in-kernel and for the sysadmin. Complexity precisely in
the areas where you don't want any of it. No dice.
-- Horst von Brand vonbrand@sleipnir.valparaiso.cl Casilla 9G, Viņa del Mar, Chile +56 32 672616- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:24 EST