Hi Jon,

On Wed, May 13, 2026 at 03:04:21PM -0600, Jonathan Corbet wrote:
> Willy Tarreau <[email protected]> writes:
>
> > On Wed, May 13, 2026 at 06:52:00AM -0600, Jonathan Corbet wrote:
> >
> >> I definitely wouldn't argue for making it longer, and enumerating all of
> >> the make-me-root capabilities would be silly. I would consider just
> >> replacing CAP_SYS_ADMIN with "elevated capabilities" or some such. That
> >> might rule out legitimate reports where some capability provides an
> >> access it shouldn't, but I suspect you could live with that :)
> >
> > I think it could indeed work like this, without denaturating the rest
> > of the paragraph and having broader coverage. Do you think you could
> > amend/update it ? I'm not trying to add you any burden, it's just that
> > it will take me more time before I provide an update :-/
>
> How's the following?
Looks good, thank you! In case this is needed:

Acked-by: Willy Tarreau <[email protected]>

> (While I was there, I noticed that threat-model.rst has no SPDX line;
> what's your preference there?)

I didn't notice any was needed, I tried to get inspiration from other
files for the format (I'm still not familiar with the rst format though
this time I could successfully install the tools). Same for the label at
the top BTW, I just did what I found somewhere else, probably
security-bugs.rst which is similar (no SPDX line and has a label).

So regarding SPDX, I do not have any preference. If one is needed, let's
pick what's used by default, I do not care, as long as it allows the doc
to be published.

Thanks,
Willy

> Thanks,
>
> jon
>
> >From 1e15a25142583e312dcc504b0279d47508cbfdab Mon Sep 17 00:00:00 2001
> From: Jonathan Corbet <[email protected]>
> Date: Wed, 13 May 2026 14:58:53 -0600
> Subject: [PATCH 2/2] docs: threat-model: don't limit root capabilities to
> CAP_SYS_ADMIN
>
> The threat-model document says that only users with CAP_SYS_ADMIN can carry
> out a number of admin-level tasks, but there are numerous capabilities that
> can confer that sort of power. Generalize the text slightly to make it
> clear that CAP_SYS_ADMIN is not the only all-powerful capability.
>
> Signed-off-by: Jonathan Corbet <[email protected]>
> ---
> Documentation/process/threat-model.rst | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/process/threat-model.rst
> b/Documentation/process/threat-model.rst
> index 91da52f7114fd..f177b8d3c1caf 100644
> --- a/Documentation/process/threat-model.rst
> +++ b/Documentation/process/threat-model.rst
> @@ -62,7 +62,8 @@ on common processors featuring privilege levels and memory > management units: > > * **Capability-based protection**: > > - * users not having the ``CAP_SYS_ADMIN`` capability may not alter the > + * users not having elevated capabilities (including but not limited to > + CAP_SYS_ADMIN) may not alter the > kernel's configuration, memory nor state, change other users' view of the > file system layout, grant any user capabilities they do not have, nor > affect the system's availability (shutdown, reboot, panic, hang, or > making > -- > 2.53.0
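Review bot: the replacement lines drop the reStructuredText literal markup that the removed line carried around the capability name: ``CAP_SYS_ADMIN`` becomes bare CAP_SYS_ADMIN, so it will no longer render as an inline literal. Suggest keeping the double backticks, for example `+ * users not having elevated capabilities (including but not limited to` / `+ ``CAP_SYS_ADMIN``) may not alter the`, and reflowing the bullet so the parenthetical does not leave a short orphan line before "kernel's configuration". Since "elevated capabilities" is intentionally broader than CAP_SYS_ADMIN, as the thread above agrees, a pointer to capabilities(7) would tell readers where the full list of capabilities is defined.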

