Re: patch to make Linux capabilities into something useful (v 0.3.1)

From: Serge E. Hallyn
Date: Thu Sep 07 2006 - 19:03:30 EST


Quoting David Madore (david.madore@xxxxxx):
> On Thu, Sep 07, 2006 at 12:27:31AM +0200, David Madore wrote:
> > On Wed, Sep 06, 2006 at 01:25:31PM -0500, Serge E. Hallyn wrote:
> > > I'd recommend you split this patch into at least 3:
> > > 1. move to 64-bit caps
> > > 2. introduce your new caps
> > > (perhaps even one new cap per patch)
> > > 3. introduce the new inheritance rules
> >
> > Yes, that sounds like a good idea. I'll do that.
>
> Done. Attached. Except that the order is
>
> part1: move to 64-bit caps (and also re-enable CAP_SETPCAP),
> where upper 32-bits are "regular" capabilities (but none defined)
>
> part2: introduce the new inheritance rules
>
> part3: introduce new ("regular") capabilities

Thanks. This made comparing the inh behavior to your web page and to
the classic code much easier.

I'm not sure reserving all 32 for 'regular' caps is the way
to go, since we're about to overflow the 32 bits of sysadm caps
already. What about maybe 20 regular caps?

No need to do this now for my sake, but if you repost these, doing so
in 3 separate emails with the patches inline will make it more likely
that people read them.

thanks,
-serge