http://lwn.net/Articles/280279/ 2.6.26 will be going even more down the capabilities path, Pavel Troller. Note the first section of capabilities has been in the kernel for years. The more powerful forms are appearing in the most current kernels. Also, the patch that went mainline is not a breach of POSIX. POSIX file capabilities only ever got as far as a working paper. Note POSIX file capabilities are to replace or limit sudo bits. It does make sense for distributions to use them. Also lives through if users disable the LSMs.