--- Olaf Dietsche <olaf+list.linux-kernel@olafdietsche.de> wrote:

Hmm. The primary purpose of the capability mechanism, according to the POSIX P1003.1e/2c working group*, is to separate the privilege mechanism from the userid mechanism. You are now reintegrating the two mechanisms, albeit differently than they were integrated before. You can already achieve this end using filesystem based capabilities and mode bits and/or ACLs, so why the change?

Woof. As reasonable as mode bits on ports seems, there's an awful lot of tradition associated with the privileged port model. I can see the value in it, I've actually implemented it in the past in the Unix world, but I have never seen anyone willing to take advantage of the scheme.

-----
* As I'm the only member of that working group who ever pipes up here, you'll have to take my word for it. (smiley)

Casey Schaufler
casey@schaufler-ca.com
