Re: understanding Linux capabilities brokenness
From: Kyle Moffett
Date: Tue Aug 09 2005 - 15:20:53 EST
On Aug 9, 2005, at 11:16:33, Christopher Warner wrote:
In my observer pragmatic view; yes. On many occasion, i've come to CAP
calls only to be frustrated with the sheer disconnect of it all. It
simply doesn't work. If it means having to break posix conformance
for a
working implementation. Then so be it.
On Tue, 2005-08-09 at 00:46 -0400, James Morris wrote:
Let me play the Devil's advocate here.
Should we be thinking about deprecating and removing capabilities
from
Linux?
One brief suggestion:
A key/token interface was recently introduced that might be useful to
allow
a simple new inheritance model for "capabilities", "roles",
"rootperms" or
whatever other abstraction you create.
Cheers,
Kyle Moffett
--
There are two ways of constructing a software design. One way is to
make it so
simple that there are obviously no deficiencies. And the other way is
to make
it so complicated that there are no obvious deficiencies. The first
method is
far more difficult.
-- C.A.R. Hoare
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/