Re: Securelevel bitmap patch

Michael Schmitz (schmitzm@uclink4.berkeley.edu)
Mon, 30 Mar 1998 17:35:38 -0800

At 2:41 PM +0200 3/30/98, Harald Koenig wrote:
>maybe just don't call it `child capabilities' but `maximum capabilities'.
>
>I know these priviledge bitmaps from good old VAX/VMS times and it was
>pretty handy that you have been allowed to remove all those authorized
>priviledges for your own process jsut for now, and later on you can
>enable those priviledges back again (but only those which have been
>marked in your `maximum capabilities' or (VMS style) "authorized privs".

Yep, and please define a set of 'default capabilities' per user as well :-)
Plus the 'process rights identifiers' come to mind to regulate per-object
access. VMS was quite powerful in that respect, but a little too complex
for everyday use. Learn from it but try to keep it simpler.

>the same is true for nice levels (VMS: process priorities).
>sometimes it was convenient to be allowed to lower the oen priority (slow
>down)
>for a while, but being allowed to increase it later again up to the normal
>nice level sometimes makes it more conveniant and more likely to `be nice'
>for at least some time.

VMS priorities and nice levels don't really compare. Changing the priority
from
4 to 3 would drop you from 90% to 1% CPU time IIRC. Please don't do _that_
for Linux :-)

Michael

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu