Chris Wright wrote:

> The problem is that
> capabilities is fundamentally about overriding restrictions (at least that's
> my read of the P1003.1e draft).

This is correct. The Capabilities of P1003.1e are intended to be explicit permissions to override system security policy. They were designed with the goal of breaking up the Superuser. They were also designed to provide clarity on what the base P1003.1 spec meant when it said "appropriate privilege". The capability specification reflects in many ways the policy which can be gleaned from the P1003.1 spec, including the list of required capabilities.

--
Casey Schaufler Manager, Trust Technology, SGI
caseyat_private voice: 650.933.1634
casey_pat_private Pager: 888.220.0607
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu May 31 2001 - 09:11:30 PDT