On Oct 23 2007 11:14, Giacomo A. Catenazzi wrote: >> So, we give caps to the subadmins (which is IMHO a natural task), >> and then, as per LSM design (wonder where that is written) deny >> some of the rights that the capabilities raised for subadmins grant, >> because that is obviously too much. > > Nothing wrong. I only said that it was against (IIRC) the > principle of LSM in kernel (we should only remove capacities).
Leave my capacitance alone! :) [i hope you get the joke] Anyway - I see your point. But what would give the user the capabilities in the first place, if not a security module that implements this-and-that capability-raising scheme? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
