If we can agree to the following constraint, I will withdraw my
objection to CAP_SETPCAP:

(as Alan suggests here) we build in a "no-[capability list]" mount
option for mounting filesystems. That is to say, a sys-admin can
trust a filesystem to reliably manipulate only a subset of the
total capabilities known to the system.

[Perhaps this was implicit all along to Astor?]

Best wishes
Andrew