Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
From: David Madore
Date: Mon Sep 18 2006 - 07:59:54 EST
On Mon, Sep 18, 2006 at 07:46:06AM -0400, Joshua Brindle wrote:
> And that is just practical stuff, there are still problems with
> embedding policy into binaries all over the system in an entirely
> non-analyzable way, and this extends to all capabilities, not just the
> open() one.
Some people prefer the policy to be embedded into binaries all over
the system rather than centralized in one place. I think it's just a
question of choice: if you don't like this way of doing things, you
don't have to use it, of course (my "cuppabilities" module would be
entirely optional).
Happy hacking,
--
David A. Madore
(david.madore@xxxxxx,
http://www.madore.org/~david/ )
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/