Re: Filesystem Capabilities in 2.6?

From: Hacksaw (hacksaw@hacksaw.org)
Date: Sun Nov 03 2002 - 02:36:01 EST


A call from left field:

As a sys-admin I love the idea of the capabilities, but I hate this mount
--bind thing. I'd really rather see it have its own command name. If it were
strictly something that happens at mount time for a filesystem that'd be one
thing, but

>mount --bind --capability=xx,yy /usr/bin/foo /usr/bin/foo

looks like a mistake.

If you were loop mounting the binary into the user's directory, then I could
see using mount.

This would be clearer:

setcap -c xx,yy /usr/bin/foo

(I also have nothing against long option names.)

-- 
The end is a finish, a conclusion or a completion.
http://www.hacksaw.org -- http://www.privatecircus.com -- KB1FVD

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Nov 07 2002 - 22:00:28 EST