I think POSIX.6 security would be a great thing to have in Linux 2.2.
Surely a POSIX.6 implementation (or one based on its ideas) is not too
much hassle. In fact with finals concluding soon I may attempt it myself
:)
Actually, it's very complicated. There's some filesystem work that
needs to go into it --- there are currently separate filesystem patches,
which I will (hopefully within a few weeks) have the time to work on
getting them folded into the mainline Linux kernel.
Then there are all of the changes in the kernel to handle all of the
various capabilities.
Finally (and most importantly), you need a lot of good user tools to
manage all of the various POSIX.6 tuning knobs, or you may end up with a
system which is *less* secure, because it's so complicated that the
system administrator can't keep track of it all.
The list where the people who are working on all of this is
linux-privs@mit.edu (which I see you've already subscribed yourself to,
but I mention it for the benefit of others who are interested in this
topic.)
- Ted