Re: [PATCH] [request for inclusion] Realtime LSM

[Andreas Steinmetz]

Andrew Morton wrote:
> Lee Revell <rlrevell@xxxxxxxxxxx> wrote:
>
> > Really, I think Linux has owned the server space for so long that some
> > folks on this list are getting hubristic.  Just because you have the
> > best server OS does not mean it's the best at everything.
>
>
> nah, the requirement is clearly valid, and longstanding.  We need to
> satisfy it.  It's just a matter of working out the best way.
>
> Chris Wright <chrisw@xxxxxxxx> wrote:
>
> > ...
> > Last I checked they could be controlled separately in that module.  It
> > has been suggested (by me and others) that one possible solution would
> > be to expand it to be generic for all caps.
>
>
> Maybe this is the way?

This could give an advantage for e.g. networked daemons, too. No more 
root privilege necessary for applications just to bind to a privileged 
port which does make life easier (CAP_NET_BIND_SERVICE). Other ideas for 
e.g. CAP_NET_RAW or CAP_SYS_RAWIO come to mind. Using the current 
capabilties in this design as all incuding supersets that can be defined 
more fine grained in a later step I guess should suit others, too. The 
remaining problem would then be the design of an extensible interface 
that is backwards compatible.

--
Andreas Steinmetz                       SPAMmers use robotrap@xxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/