I'm in the process of testing the (backported) capabilities patch and Kaigai's userspace tools on a SLES10 based x86-64 target (2.6.16). Chris Friedhoff's examples (http://www.friedhoff.org/fscaps.html) run cleanly. That said, can one expect, through the use of these enhanced capabilities, to be able to add some finer grain capabilities based on a specific userid? In Chris' ping example, the suid is removed from /bin/ping to restrict it to root, and a capability added to allow any user to execute it. Can that example be extended to make it so only a _particular_ user can execute it? I realize with SELinux, one could achieve the goal, but as a stopgap, can capabilities be used to get there? Thanks, Bill
-- Bill O'Donnell SGI [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
