Just as a note:
LIDS really makes use of the capabilities stuff that is in the kernel
anyway. Well it complements it with file access control lists (and
maybe some other stuff, I don't have much experience with LIDS), but
not everything in LIDS is it's own invention. I think really it
should be the software (the deamons running as root) itself which
should make use of the capabilities, instead of leaving this task to
the administrator.
Also it's probably generally not that a good (well thought out) idea
to transfer the security border from root_space <-> normal_user_space
to lids_protected_space <-> root_and_normal_user_space; there will be
security holes in LIDS too..
christian.
