It occurs to me that my previous reply was unnecessarily long and missed the point. Trying again: On Sat, Mar 14, 2015 at 3:17 PM, Andrew G. Morgan <morgan@xxxxxxxxxx> wrote: > On Sat, Mar 14, 2015 at 2:45 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote: >> On Sat, Mar 14, 2015 at 2:09 PM, Andrew G. Morgan <morgan@xxxxxxxxxx> wrote: >>> My Nack remains that you are eliminating the explicit enforcement of >>> selective inheritance. A lockable secure bit protecting access to your >>> prctl() function would address this concern. >> >> Would a sysctl or securebit that *optionally* allows pA to be disabled >> satisfy you? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It would be kind of nice to remove your nack. I think that the above is the relevant question. Could you answer it? --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
