Melanie <melanie(a)t-data.com> writes:
> Wouldn't it, just maybe, be acceptable to the kernel people if
> capabilities could be turned on by some parameter on the kernel
> command line (e.g. capabilities=on)?

We could ask. But, I suspect they will feel that they have adequately
solved this problem in 2.6 by providing the pluggable security module
infrastructure. This was doubtless motivated by a strong desire to
*avoid* such discussions with an endless procession of people like us
with "special security needs".
From that perspective, security modules look like an excellent
solution.

> This would make capabilities disabled by default, but gives a way to
> enable them that does not require a kernel patch and rebuild...

That would be nice, but I don't expect to see it backported to 2.4.
--
joq