On Wed, 4 Feb 2015, Andrew G. Morgan wrote: > I was thinking more like this: > > int override = secure(SECURE_AMBIENT_PRIVS) && > cap_isclear(caps->inheritable.cap);
Uhh.. Then processes that require other capabilties would not pass them through anymore to other stuff that they invoke. Also the new caps need to be set somewhere. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
