> There are some "write once" items that for the general purpose user that > won't brick a box, but should probably be blacklisted though. > I'll think this through some more. I would strongly urge you to do whitelisting as it's good security. If you can divide the calls into something like this it fits the Linxu desktop model well: Safe -> anyone can do it Console -> only console owner Superuser -> administrator level (things that can be irritating but don't persist a reboot) Beyond that it's trickier - if you are an enterprise business then you don't for example want to allow someone with root on the system to subvert BIOS level settings they can't access. You need a minimum of CAP_SYS_RAWIO for anything that can (through bugs or design) subvert secure boot type stuff. It's also probably an appropriate check for 'anything goes' if you decide to have that category. CAP_SYS_RAWIO implies total power over the machine although with secureboot it's less clear. Alan
