capabilities and kmod

Jochen Friedrich (
Sun, 21 Nov 1999 19:45:34 +0100 (CET)

Hi there,

what is the reason to give kmod the full set of capabilities while
limiting init to the full set except CAP_SETPCAP? Users can always replace
/sbin/modprobe with a shell script which executes "/sbin/setpcaps =eip -1"
and they'll get the full set of capabilities back. Is this an oversight?
Wouldn't it be enough to grant kmod CAP_SYS_MODULE rights instead of


Jochen Friedrich                          NWE Network-Engineering GmbH

Wingertstr. 70/1 6-bone: JF3-6BONE D-68809 Neulussheim e-mail: voice: +49 (0) 6205 3920-59 web: fax: +49 (0) 6205 3920-58 ----------------------------------------------------------------------

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at