If I'm not mistaken, CRYPTO_USER requires CAP_NET_ADMIN for all requests. Is there any reason for this requirement for read-only requests? I think read-only requests should not require CAP_NET_ADMIN. An example where this is important is important is AF_ALG. I'm working on AF_ALG support for GnuTLS, encryption and decryption via AF_ALG does not require special capabilities. However, retrieving the cipher priority to determine whether the cipher is hardware accelerated does require CAP_NET_ADMIN. Regards, Matthias-Christian -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html