Chris Wright <[EMAIL PROTECTED]> writes: > * Alexander Nyberg ([EMAIL PROTECTED]) wrote: >> I can see useful scenarios of having the possiblity of capabilities per >> inode (it appears the xattr way wins somewhat in the previous >> discussion). > > It's how it should be done.
I agree to disagree :-) >> Chris, have you seen any capabilities+xattr patches around? > > http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4-fcap/ Which is pretty useless, since it doesn't apply to any recent (> 2.4.3) kernel. If you insist on a xattr based approach, take Andy Lutomirski's <http://www.stanford.edu/~luto/linux-fscap/> patch. It is more recent, a lot smaller and considerably more understandable (at least for me ;-). Regards, Olaf. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
