-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Casey Schaufler wrote: > In the end we can call it CAP_LATE_FOR_DINNER if that's the only way > I can move forward. CAP_MAC_OVERRIDE is the obvious partner to > CAP_DAC_OVERRIDE, so that's still my preference. CAP_SMACK_OVERRIDE > unnecessarily ties it to one LSM, and in spite of what some people > still seem to think, I see more LSMs in the pipeline.
I'd personally not like to see SMACK appear in a capability name. No offense Casey, but SMACK may be displaced with YAMAC (*) someday, and I'd hate to have wasted a capability on it. Using CAP_MAC_OVERRIDE makes sense to me - even if its not (yet/ever) honored by all MAC LSMs. I do have a question about whether one capability is sufficient in general for MAC. Looking at the: http://wt.xpilot.org/publications/posix.1e/download.html last draft, there are no less than 5 capabilities (p173) allocated for MAC. Presumably there was a good reason for 5 and not 1 back then - could you summarize what is different now? Thanks Andrew (*) yet-another example of yet-another -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHR5mc+bHCR3gb8jsRAlB9AJsHPi1+fFp1ONKJCMFDpLS1lYG4AwCfYxMX 8aaU+sOBNHU01uldtrJ8cEI= =/USy -----END PGP SIGNATURE----- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
