Re: [PATCH] [request for inclusion] Realtime LSM

From: Matt Mackall
Date: Fri Jan 07 2005 - 15:13:28 EST

Next message: Matt Mackall: "Re: [PATCH] [request for inclusion] Realtime LSM"
Previous message: Christoph Lameter: "Re: From last __GFP_ZERO changes"
In reply to: Alan Cox: "Re: [PATCH] [request for inclusion] Realtime LSM"
Next in thread: Olaf Dietsche: "Re: [PATCH] [request for inclusion] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 07, 2005 at 01:55:09AM +0000, Alan Cox wrote:
> On Gwe, 2005-01-07 at 01:13, Matt Mackall wrote:
> > You can't fix them without changing the semantics for existing users
> > in ways they didn't expect. It could be done with a new personality flag,
> > but..
>
> I disagree. At the most trivial you could just add another 32bits of
> sticky capability that are never touched by setuid/non-setuidness and
> represent additional "user" (or more rightly session) abilities to do
> limited overrides

I think we're referring to different brokenness. The problems I see
are with the semantics of inheritance of capabilities which make
wrapping applications painful. Those can't be changed without creating
holes in existing apps so the general utility of caps is limited.

--
Mathematics is the supreme nostalgia of our time.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Matt Mackall: "Re: [PATCH] [request for inclusion] Realtime LSM"
Previous message: Christoph Lameter: "Re: From last __GFP_ZERO changes"
In reply to: Alan Cox: "Re: [PATCH] [request for inclusion] Realtime LSM"
Next in thread: Olaf Dietsche: "Re: [PATCH] [request for inclusion] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]