subject:"Re\: \[RFC PATCH 1\/2\] security, capabilities\: create CAP_TRUSTED"

Re: [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED

2017-10-21 Thread nicolas

,linux-e...@vger.kernel.org,linux-kernel@vger.kernel.org,linux-f2fs-de...@lists.sourceforge.net,linux-fsde...@vger.kernel.org,linux-...@lists.infradead.org,jfs-discuss...@lists.sourceforge.net,ocfs2-de...@oss.oracle.com,linux-unio...@vger.kernel.org,reiserfs-de...@vger.kernel.org,linux-security-mod

Re: [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED

2017-10-21 Thread Serge E. Hallyn

Quoting Nicolas Belouin (nico...@belouin.fr): > with CAP_SYS_ADMIN being bloated, the usefulness of using it to > flag a process to be entrusted for e.g reading and writing trusted > xattr is near zero. > CAP_TRUSTED aims to provide userland with a way to mark a process as > entrusted to do specifi