On Tue, 14 Jul 2015, Andy Lutomirski wrote: > ===== The proposed change ===== > > This patch adds a fifth capability mask called the ambient mask > (pA). pA does what most people expect pI to do. > This looks good, and I think it will lead to better overall security because people will find capabilities easier to use for real-world scenarios. Has it had enough security review? This is a significant new behavior being added to a widely enabled security module. - James -- James Morris <jmorris@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html