On Mon, 18 Mar 2013, Matthew Garrett wrote: > This patch introduces CAP_COMPROMISE_KERNEL. I'd like to see this named CAP_MODIFY_KERNEL, which is more accurate and less emotive. Otherwise I think core kernel developers will be scratching their head over where to sprinkle this. Apart from that, I like the idea, especially when it's wired up to MAC security. -- James Morris <jmorris at namei.org>
