Re: [PATCH] [request for inclusion] Realtime LSM
From: Andreas Steinmetz
Date: Fri Jan 07 2005 - 17:55:31 EST
Andrew Morton wrote:
Lee Revell <rlrevell@xxxxxxxxxxx> wrote:
Really, I think Linux has owned the server space for so long that some
folks on this list are getting hubristic. Just because you have the
best server OS does not mean it's the best at everything.
nah, the requirement is clearly valid, and longstanding. We need to
satisfy it. It's just a matter of working out the best way.
Chris Wright <chrisw@xxxxxxxx> wrote:
...
Last I checked they could be controlled separately in that module. It
has been suggested (by me and others) that one possible solution would
be to expand it to be generic for all caps.
Maybe this is the way?
This could give an advantage for e.g. networked daemons, too. No more
root privilege necessary for applications just to bind to a privileged
port which does make life easier (CAP_NET_BIND_SERVICE). Other ideas for
e.g. CAP_NET_RAW or CAP_SYS_RAWIO come to mind. Using the current
capabilties in this design as all incuding supersets that can be defined
more fine grained in a later step I guess should suit others, too. The
remaining problem would then be the design of an extensible interface
that is backwards compatible.
--
Andreas Steinmetz SPAMmers use robotrap@xxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/