On Sun, 18 Apr 2010 00:46:25 +0100 David W Noon <dwn...@ntlworld.com> wrote:
> If any Joe Schmoe could imbue a program with capabilities, this might
> be true. But that's not the way the system works.

Sorry, I think I'm missing your point.

> Only root can run the setcap program to add capabilities to a program,
> at least on a normal, UNIX-style security system. On a role-based
> security system, even root might not be permitted to do this.

If I had the root password to my own system (which I do...) and I wanted Wine to use IPX without running as root, I would set "setcap cap_net_raw=ep /usr/bin/wine" as root. Then I could run Wine as my normal user. No one in their right mind would run Wine as root. If you did you may as well use Windows.
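For anyone auditing what a command like the `setcap cap_net_raw=ep` above leaves on disk, here is an added example that is not part of the original message: a decoder for the `security.capability` extended attribute in which Linux stores file capabilities. The sample bytes are constructed to match `cap_net_raw=ep`, and the capability name table is a deliberately small subset.

```python
import os
import struct

# Values from <linux/capability.h>
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision magic -> (number of 32-bit permitted/inheritable pairs, has rootid field)
LAYOUTS = {0x01000000: (1, False), 0x02000000: (2, False), 0x03000000: (2, True)}
CAP_NAMES = {1: "cap_dac_override", 7: "cap_setuid", 12: "cap_net_admin",
             13: "cap_net_raw", 21: "cap_sys_admin"}  # subset, for illustration

def _names(mask):
    """Turn a capability bitmask into a sorted list of names."""
    return [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if mask >> b & 1]

def decode_vfs_caps(blob):
    """Decode the raw value of a security.capability xattr."""
    if len(blob) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", blob, 0)
    layout = LAYOUTS.get(magic & VFS_CAP_REVISION_MASK)
    if layout is None:
        raise ValueError("unknown capability revision 0x%08x" % magic)
    pairs, has_rootid = layout
    if len(blob) != 4 + 8 * pairs + (4 if has_rootid else 0):
        raise ValueError("length does not match revision")
    words = struct.unpack_from("<%dI" % (2 * pairs), blob, 4)
    permitted = inheritable = 0
    for i in range(pairs):  # low 32 bits first, then high 32 bits
        permitted |= words[2 * i] << (32 * i)
        inheritable |= words[2 * i + 1] << (32 * i)
    return {"revision": magic >> 24,
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": _names(permitted),
            "inheritable": _names(inheritable)}

def read_file_caps(path):
    """Read and decode file capabilities on Linux; None if the file has none."""
    try:
        return decode_vfs_caps(os.getxattr(path, "security.capability"))
    except OSError:
        return None

# Constructed sample: revision 2, effective flag set, permitted = bit 13 (cap_net_raw)
SAMPLE_NET_RAW_EP = struct.pack("<5I", 0x02000001, 1 << 13, 0, 0, 0)

if __name__ == "__main__":
    print(decode_vfs_caps(SAMPLE_NET_RAW_EP))
```

Calling `read_file_caps("/usr/bin/wine")` on a Linux system decodes the live attribute, returning `None` when the binary carries no file capabilities.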