Re: RFC: capabilities(7): notes for kernel developers

From: Casey Schaufler
Date: Thu Dec 15 2016 - 19:51:39 EST

Next message: KY Srinivasan: "RE: move hyperv CHANNELMSG_UNLOAD from crashed kernel to kdump kernel"
Previous message: Li, Liang Z: "RE: [Qemu-devel] [PATCH kernel v5 0/5] Extend virtio-balloon for fast (de)inflating & fast live migration"
In reply to: John Stultz: "Re: RFC: capabilities(7): notes for kernel developers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/15/2016 4:31 PM, John Stultz wrote:
> On Thu, Dec 15, 2016 at 12:40 PM, Casey Schaufler
> <casey@xxxxxxxxxxxxxxxx> wrote:
>> On 12/15/2016 11:41 AM, Michael Kerrisk (man-pages) wrote:
>>> On 12/15/2016 05:29 PM, Casey Schaufler wrote:
>>>> CAP_WAKE_ALARM could readily be CAP_TIME.
>>> Actually, I don't quite understand what you mean with that sentence.
>>> Could you elaborate?
>> Should have said CAP_SYS_TIME
>>
>> Setting an alarm could be considered a time management function,
>> depending on what it actually does.
> Just a nit here. CAP_WAKE_ALARM is more about the privilege of waking
> a system from suspend, while CAP_SYS_TIME covers the ability to set
> the time. One wouldn't necessarily want to give applications which
> could wake a system up the capability to also set the time.

Doesn't really matter, except that an ignorant developer
might make the mistake I did and assume that WAKE_ALARM
was somehow related to time management. If you want to use
it as an example don't let my dunderheadedness get in your
way.

> thanks
> -john

Again, thank you for taking this on. It should be a
big help.

Next message: KY Srinivasan: "RE: move hyperv CHANNELMSG_UNLOAD from crashed kernel to kdump kernel"
Previous message: Li, Liang Z: "RE: [Qemu-devel] [PATCH kernel v5 0/5] Extend virtio-balloon for fast (de)inflating & fast live migration"
In reply to: John Stultz: "Re: RFC: capabilities(7): notes for kernel developers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]