On Wed, Feb 06, 2013 at 03:20:09PM -0600, Serge Hallyn wrote: > > > > > Do we finally have mechanisms to start processes without root but with > > > > > elevated capabilities? > > > > We also need fallback for non Capability-capable supported kernels > > > > (wow that's an awkward sentence) > > > Not to mention non-xattr-backed filesystems. > > xattrs is only one of possible mechanisms but as we don't have it either, > > its shortcomings are probably not worth mentioning. > For posix capabilities attached to files xattrs are currently the > only means. That's what I assumed this was referring to. I suppose there can be other theoretical means to do that with a privileged helper (and /sbin/init is privileged, for example).
-- WBR, wRAR
signature.asc
Description: Digital signature