On Mon, Sep 9, 2013 at 3:56 PM, H. Peter Anvin <hpa@xxxxxxxxx> wrote: >>> >>> I.e. capabilities ;) >> >> Circles. All I see here are circles. >> >> Having lived an entire release with a capabilities based mechanism for >> this in Fedora, please no. >> >> And if you are talking about non-POSIX capabilities as you mentioned >> earlier, that seems to be no different than having securelevel being a >> bitmask of, well, levels. I don't have much opinion on securelevel >> being a big hammer or a bitmask of finer grained things, but I do >> think it's a more manageable way forward. Calling the implementation >> "capabilities" seems to just be unnecessarily confusing. >> > > This is the term "capability" in the general sense, not the POSIX > implementation thereof. See the whole last paragraph. Particularly the last sentence. josh -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html