Personally, I don't need it. I can see why the original poster
might want it though: some people like the microkernel design,
and they might want to use some of the concepts on Linux.
Maybe they would implement a Win32 server like NT 3.x had.
(I assume that normal people want to keep Win32 out of the kernel)
(yes, I know about WINE - it is not complete either)
>>>>> (i guess you missed include/linux/capability.h, a feature of 2.2.
>>>>> Not completely finished, but the main mechanizm is in there.)
>>>>
>>>> I believe he means "true" capability support. In any case,
>>>> Linux can't revoke normal user capabilities.
>>>
>>> what do you mean by 'true'.
>>
>> True capability systems are token-based. They work very much like
>> file descriptor security. Access can be passed from process to
>> process, but is not automatically shared by all processes with the
>> same UID. [...]
>
> this is what Linux capabilities do too, if you care to take a look
> at the code.
No, Linux capabilities grant special privilege.
True capability systems can control object access.
True capabilities take the place of ACLs and could
even take the place of the process UID and GID.
It is a very strange concept. I'm not sure how practical it
could be, but at least one unixy system (DG-UX) can use
capabilities in addition to normal security.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/