On 02/13/2013 09:51 AM, Casey Schaufler wrote:
> You can't add a new capability where there is an existing capability
> that can be remotely argued to be appropriate.
> If you tried to "fix" CAP_SYS_RAWIO and/or CAP_SYS_ADMIN you'd end
> up with hundreds of capabilities.
> Your particular problem is *not* so important that you get a
> capability all to yourself.
{facepalm}
This is exactly the kind of thinking which has led to the capability
system being so bloody useless.
Capabilities need to be associated with resources, not use cases.
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.