Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities

[David Madore]

On Sun, Sep 17, 2006 at 04:39:16PM -0400, Joshua Brindle wrote:
> The benefits of this are so minuscule and the cost is so high if you are 
> ever to use it that it simply won't happen..

I'm withdrawing that patch anyway, in favor of a LSM-style approach,
the "cuppabilities" module (cf. the patch I posted a couple of hours
ago with that word in the title, and I'll be posting a new version in
a day or so, or cf. <URL:
http://www.madore.org/~david/linux/cuppabilities/
 >).  In this case, the relative cost will be lower since the
security_ops->inode_permission() hook is called no matter what.

But I agree that the value of restricting open() is very dubious and
it was intended mostly as a demonstration.  So if there is strong
opposition to this sort of thing, I'll remove it.

Happy hacking,

-- 
     David A. Madore
    (david.madore@xxxxxx,
     http://www.madore.org/~david/ )
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/