Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261687AbVAGWr4 (ORCPT ); Fri, 7 Jan 2005 17:47:56 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261679AbVAGWq5 (ORCPT ); Fri, 7 Jan 2005 17:46:57 -0500 Received: from hermes.domdv.de ([193.102.202.1]:13587 "EHLO hermes.domdv.de") by vger.kernel.org with ESMTP id S261676AbVAGWoh (ORCPT ); Fri, 7 Jan 2005 17:44:37 -0500 Message-ID: <41DF10BA.6040301@domdv.de> Date: Fri, 07 Jan 2005 23:44:10 +0100 From: Andreas Steinmetz User-Agent: Mozilla Thunderbird 1.0 (X11/20041207) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andrew Morton CC: Lee Revell , paul@linuxaudiosystems.com, arjanv@redhat.com, hch@infradead.org, mingo@elte.hu, chrisw@osdl.org, alan@lxorguk.ukuu.org.uk, joq@io.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH] [request for inclusion] Realtime LSM References: <200501071620.j07GKrIa018718@localhost.localdomain> <1105132348.20278.88.camel@krustophenia.net> <20050107134941.11cecbfc.akpm@osdl.org> In-Reply-To: <20050107134941.11cecbfc.akpm@osdl.org> X-Enigmail-Version: 0.89.5.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1538 Lines: 37 Andrew Morton wrote: > Lee Revell wrote: > >>Really, I think Linux has owned the server space for so long that some >>folks on this list are getting hubristic. Just because you have the >>best server OS does not mean it's the best at everything. > > > nah, the requirement is clearly valid, and longstanding. We need to > satisfy it. It's just a matter of working out the best way. > > Chris Wright wrote: > >>... >>Last I checked they could be controlled separately in that module. It >>has been suggested (by me and others) that one possible solution would >>be to expand it to be generic for all caps. > > > Maybe this is the way? This could give an advantage for e.g. networked daemons, too. No more root privilege necessary for applications just to bind to a privileged port which does make life easier (CAP_NET_BIND_SERVICE). Other ideas for e.g. CAP_NET_RAW or CAP_SYS_RAWIO come to mind. Using the current capabilties in this design as all incuding supersets that can be defined more fine grained in a later step I guess should suit others, too. The remaining problem would then be the design of an extensible interface that is backwards compatible. -- Andreas Steinmetz SPAMmers use robotrap@domdv.de - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/