On Jul 20, 2015 11:05 AM, "Florian Weimer" <fwei...@redhat.com> wrote: > > On 07/20/2015 05:59 PM, Steve Grubb wrote: > > > Today, any application that wants to manipulate capabilities needs to be > > capability aware. > > The application does not want to manipulate capabilities. I do not want > to run it as full root. I don't want to add additional SUID/fscaps to > the file system. > > It's somewhat silly to add a privilege escalation hatch to the file > system in order to run a daemon with *reduced* privileges.
This is exactly why the ambient caps patch is sitting in -mm. If you want to read it and email a quick review, that might help it along. :) --Andy
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
