Re: sys_setpriority error

From: Casey Schaufler (caseyat_private)
Date: Thu May 31 2001 - 09:10:20 PDT

  • Next message: Titus D. Winters: "Re: sys_setpriority error"

    Chris Wright wrote:
    > The problem is that
    > capabilities is fundamentally about overriding restrictions (at least that's
    > my read of the P1003.1e draft).
    This is correct. The Capabilities of P1003.1e are intended
    to be explicit permissions to override system security policy.
    They were designed with the goal of breaking up the Superuser.
    They were also designed to provide clarity on what the base
    P1003.1 spec meant when it said "appropriate privilege".
    The capability specification reflects in many ways the
    policy which can be gleaned from the P1003.1 spec, including
    the list of required capabilities.
    Casey Schaufler				Manager, Trust Technology, SGI
    caseyat_private				voice: 650.933.1634
    casey_pat_private			Pager: 888.220.0607
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Thu May 31 2001 - 09:11:30 PDT