>On 2003.11.18 21:02 Paul Davis wrote:
>> i'm with fernando on this. we are not looking for broad acceptance,
>> though it would be nice. it would be great if this showed us a
>> config-time option for the kernel, but i think it's unlikely. more
>> likely than caps being turned on by default, though.
>
>Wouldn't it, just maybe, be acceptable to the kernel people if capabilities
>could be turned on by some parameter on the kernel command line (e.g.
>capabilities=on)?
>This would make capabilities disabled by default, but gives a way to enable
>them that does not require a kernel patch and rebuild...

i don't think they want them even compiled into the kernel. think about it: the security model they present is very complex, and very distributed through the entire kernel. i don't think anyone could say with complete confidence that even if you do not use the cmdline arg that the presence of capabilities support does not pose a security issue. by contrast, kjetil's patch has very deterministic and very local effects, and when it's off, we know it's off.