Subject: Re: RFC: capabilities(7): notes for kernel developers
From: Casey Schaufler
To: John Stultz
Cc: "Michael Kerrisk (man-pages)", "Serge E. Hallyn", James Morris, Kees Cook, Andy Lutomirski, Jann Horn, "Eric W. Biederman", linux-man, linux-security-module, lkml
Date: Thu, 15 Dec 2016 16:44:30 -0800
Message-ID: <7a6b5f38-de8e-d8d4-e6f7-feae3f8d192e@schaufler-ca.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 12/15/2016 4:31 PM, John Stultz wrote:
> On Thu, Dec 15, 2016 at 12:40 PM, Casey Schaufler wrote:
>> On 12/15/2016 11:41 AM, Michael Kerrisk (man-pages) wrote:
>>> On 12/15/2016 05:29 PM, Casey Schaufler wrote:
>>>> CAP_WAKE_ALARM could readily be CAP_TIME.
>>> Actually, I don't quite understand what you mean with that sentence.
>>> Could you elaborate?
>> Should have said CAP_SYS_TIME
>>
>> Setting an alarm could be considered a time management function,
>> depending on what it actually does.
> Just a nit here. CAP_WAKE_ALARM is more about the privilege of waking
> a system from suspend, while CAP_SYS_TIME covers the ability to set
> the time. One wouldn't necessarily want to give applications which
> could wake a system up the capability to also set the time.

Doesn't really matter, except that an ignorant developer
might make the mistake I did and assume that WAKE_ALARM was
somehow related to time management. If you want to use it
as an example don't let my dunderheadedness get in your way.

> thanks
> -john

Again, thank you for taking this on. It should be a big help.