Melanie <[EMAIL PROTECTED]> writes: > Wouldn't it, just maybe, be acceptable to the kernel people if > capabilities could be turned on by some parameter on the kernel > command line (e.g. capabilities=on)?
We could ask. But, I suspect they will feel that they have adequately solved this problem in 2.6 by providing the pluggable security module infrastructure. This was doubtless motivated by a strong desire to *avoid* such discussions with an endless procession of people like us with "special security needs". >From that perspective, security modules look like an excellent solution. > This would make capabilities disabled by default, but gives a way to > enable them that does not require a kernel patch and rebuild... That would be nice, but I don't expect to see it backported to 2.4. -- joq