Yes, this has been mentioned. However, I'm not sure it's needed. _At
least_ not before we have a capabilities-aware file system. Currently
we can't force new capabilities on a process unless done by some
"capability-daemon" so a bounding set adds nothing but complexity. I
don't like adding complexity unless it is _really_ needed.
> We seem to be missing the bounding set.
>
> It would seem that totally conflicting capability sets would prevent
> an executable from being run, since it would be dangerous to have a
> privileged executable run with only half of what it needs.
Yes, but we currently don't have any way of checking this since we
don't know the "allowed" set of the program we want to execute. This
check is only possible to do with file system support for
capabilities.
astor
--
Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
http://www.guardian.no/
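A small model of the capability transformation at exec with a bounding set and file capabilities, added here as an illustration; it is not code from the message or from the kernel. The set names (file "forced" and "allowed" sets) and the combining rule are assumptions following the POSIX.1e draft, and the refusal check is the "conflicting sets" case the reply says cannot be done until the file system carries the allowed set.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Capability sets modelled as bit masks; the three bits are constructed example values. */
typedef uint32_t cap_t;

#define CAP_NET_BIND  (1u << 0)
#define CAP_NET_RAW   (1u << 1)
#define CAP_SYS_ADMIN (1u << 2)

struct proc_caps { cap_t permitted, inheritable, effective; };

/* File capabilities (assumed POSIX.1e draft names): "forced" caps are granted at exec
 * regardless of the caller, "allowed" caps are those the caller may keep from its
 * inheritable set. Without a capability-aware file system these two are unknown. */
struct file_caps { cap_t forced, allowed; };

/* Assumed rule for the post-exec permitted set, with the bounding set capping what a
 * file may force onto the process: P' = (P_inh & F_allowed) | (F_forced & bounding). */
cap_t exec_permitted(const struct proc_caps *p, const struct file_caps *f, cap_t bounding)
{
    return (p->inheritable & f->allowed) | (f->forced & bounding);
}

/* The check the thread describes: if the file's forced set cannot be granted in full,
 * refuse to run it rather than start a privileged program with half its privileges.
 * Returns true and stores the new permitted set when exec may proceed. */
bool exec_allowed(const struct proc_caps *p, const struct file_caps *f, cap_t bounding,
                  cap_t *new_permitted)
{
    cap_t np = exec_permitted(p, f, bounding);
    if ((f->forced & ~np) != 0)   /* some forced capability was clipped away */
        return false;
    *new_permitted = np;
    return true;
}

int main(void)
{
    struct proc_caps p = { 0, CAP_NET_RAW, 0 };
    struct file_caps f = { CAP_NET_BIND, CAP_NET_RAW };
    cap_t np;
    printf("full bounding set: %s\n",
           exec_allowed(&p, &f, CAP_NET_BIND | CAP_NET_RAW | CAP_SYS_ADMIN, &np) ? "run" : "refuse");
    printf("bounding set lacks CAP_NET_BIND: %s\n",
           exec_allowed(&p, &f, CAP_NET_RAW, &np) ? "run" : "refuse");
    return 0;
}
```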