From: Olaf Dietsche
To: Antti Salmela
Cc: linux-kernel@vger.kernel.org
Subject: Re: Filesystem Capabilities in 2.6?
Date: Mon, 04 Nov 2002 13:24:57 +0100
Message-ID: <874raxh692.fsf@goat.bogus.local>
References: <1036307763.31699.214.camel@thud>

Antti Salmela writes:

> Dax Kelson wrote:
>
>> Each app should run in its own security context by itself. That is why
>> I have all the following users in my /etc/passwd:
>>
>> apache nscd squid xfs ident rpc pcap nfsnobody radvd gdm named ntp
>
> Well, wouldn't it be then logical to associate uids to capabilities, e.g. I
> could have ping binary setuid to user ping which would have just the
> necessary capabilities to operate?

Welcome to accessfs :-) It's not exactly what you asked for, but I think
it's the closest you can get at the moment.

Regards, Olaf.