On Sun, 16 Nov 2003, Marco d'Itri wrote:
> On Nov 15, Miquel van Smoorenburg <[EMAIL PROTECTED]> wrote:
> >too early to put that into init upstream ?
> I don't know. It was a quick hack I made because I wanted to play with
> capabilities. I suppose that there is a reason if whoever designed this
> did not allow normal programs to raise capabilities.

But normal programs ARE allowed to raise capabilities, as long as they have
this capability to begin with. As the kernel stands right now (why? I have
no idea), init has to explicitly request capabilities for its children...
otherwise nothing can, since init is the 'parent' of all.

Maybe it is fear that some 'distracted' admin will lock himself outside of
root, but then, since when do we accept that as an excuse for blocking
something?

--
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh