On Wed, 24 Jan 2007 12:58:45 -0600 "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
> > If we need to I can see doing something special if the process setting > > fown has CAP_KILL > > Obviously CAP_KILL is insufficient :) I assume you mean a new > CAP_XNS_CAP_KILL? > > > and bypassing the security checks that way, but > > hard coding rules like that when it doesn't appear we have any > > experience to indicate we need the extra functionality looks > > premature. > > Ok, in this case actually I suspect you're right and we can just ditch > the exception. But in general the security discussion is one we should > still have. People like security. Where do we now stand with this patch, and with "[PATCH 4/8] user ns: hook permission"? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/