> As such, we should _allow_ the capability to raise other capabilities. If
> you don't like that capability, you can just make sure that it is cleared
> at boot for everybody, and then nobody can inherit it and nobody can ever
> get it any other way either (as nobody has the capability to raise the
> capability).
Excellent, sounds like the "bounding set" to me...
Chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu