On Fri, 2013-02-08 at 13:02 -0800, Kees Cook wrote:

> I don't find it unreasonable to drop all caps and lose access to
> sensitive things. :) That's sort of the point, really. I think a cap
> is the best match. It seems like it should either be a cap or a
> namespace flag, but the latter seems messy.

Yeah, I think it's an expected outcome, but it means that if (say) qemu
drops privileges, qemu can no longer access PCI resources - even on
non-secure boot systems. That breaks existing userspace.
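The breakage Matthew describes comes from the shape of a blanket privilege drop: once a process has cleared its capability sets it cannot get any of them back, so a capability check added in front of PCI resource access is a permanent denial for it. The program below is an added example, not code from this thread or from qemu; it drops capabilities with the raw capget/capset syscalls (no libcap dependency) and shows the two strategies a daemon could use. CAP_SYS_RAWIO is used only as a stand-in for whichever capability the PCI check would require; the thread does not name it. The default path /dev/mem is an assumption standing in for a cap-gated PCI resource file.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* The v3 capability API carries each 64-bit set as two 32-bit words. */
typedef struct __user_cap_data_struct capdata_t[_LINUX_CAPABILITY_U32S_3];

static int read_caps(capdata_t d)
{
    struct __user_cap_header_struct h = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    memset(d, 0, sizeof(capdata_t));
    return (int)syscall(SYS_capget, &h, d);
}

static int write_caps(capdata_t d)
{
    struct __user_cap_header_struct h = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    return (int)syscall(SYS_capset, &h, d);
}

/* Returns 1 if `cap` is in the calling thread's effective set, 0 if not, -1 on error. */
int cap_effective_has(int cap)
{
    capdata_t d;
    if (read_caps(d) != 0)
        return -1;
    return (d[CAP_TO_INDEX(cap)].effective & CAP_TO_MASK(cap)) != 0;
}

/* Returns 1 if effective, permitted and inheritable are all empty, 0 otherwise, -1 on error. */
int caps_all_empty(void)
{
    capdata_t d;
    if (read_caps(d) != 0)
        return -1;
    for (int i = 0; i < _LINUX_CAPABILITY_U32S_3; i++)
        if (d[i].effective || d[i].permitted || d[i].inheritable)
            return 0;
    return 1;
}

/* Blanket drop, as in "drop all caps": clear every set. Nothing can be regained afterwards. */
int drop_all_caps(void)
{
    capdata_t d;
    memset(d, 0, sizeof d);
    return write_caps(d);
}

/* Selective drop: keep only `cap` (if it is currently permitted) and clear everything else.
 * This is what a daemon would have to do instead, if the resource it needs is gated by `cap`. */
int keep_only_cap(int cap)
{
    capdata_t d;
    if (read_caps(d) != 0)
        return -1;
    for (int i = 0; i < _LINUX_CAPABILITY_U32S_3; i++) {
        __u32 mask = (i == CAP_TO_INDEX(cap)) ? CAP_TO_MASK(cap) : 0;
        d[i].permitted &= mask;            /* may only shrink: capset rejects anything else */
        d[i].effective = d[i].permitted;   /* effective must be a subset of permitted */
        d[i].inheritable = 0;
    }
    return write_caps(d);
}

/* Open `path` read-only; returns 0 on success or -errno (e.g. -EACCES / -EPERM) on failure. */
int try_open(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    close(fd);
    return 0;
}

int main(int argc, char **argv)
{
    /* Assumption: argv[1] (default /dev/mem) stands in for a capability-gated PCI resource file. */
    const char *path = argc > 1 ? argv[1] : "/dev/mem";

    printf("start:      CAP_SYS_RAWIO effective=%d  open(%s)=%d\n",
           cap_effective_has(CAP_SYS_RAWIO), path, try_open(path));

    keep_only_cap(CAP_SYS_RAWIO);
    printf("keep_only:  CAP_SYS_RAWIO effective=%d  open(%s)=%d\n",
           cap_effective_has(CAP_SYS_RAWIO), path, try_open(path));

    drop_all_caps();
    printf("drop_all:   CAP_SYS_RAWIO effective=%d  open(%s)=%d  all_empty=%d\n",
           cap_effective_has(CAP_SYS_RAWIO), path, try_open(path), caps_all_empty());
    return 0;
}
```

Run it as root (or with file capabilities) to see the difference between the two strategies: after keep_only_cap the stand-in capability survives and the open still works where the capability is the gate, after drop_all_caps it is gone for good. Run as an unprivileged user, both calls succeed trivially because there is nothing to drop, which is the same end state qemu ends up in after its own privilege drop.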