Subject: Re: [linux-audio-dev] Re: linux-audio-dev Digest, Vol 2, Issue 24
From: Paul Davis (paul_AT_linuxaudiosystems.com)
Date: Wed Nov 19 2003 - 01:00:14 EET
>On 2003.11.18 21:02 Paul Davis wrote:
>> i'm with fernando on this. we are not looking for broad acceptance,
>> though it would be nice. it would be great if this showed us a
>> config-time option for the kernel, but i think its unlikely. more
>> likely than caps being turned on by default, though.
>
>Wouldn't it, just maybe, be acceptable to the kernel people if capabilities
>could be turned on by some parameter on the kernel command line (e.g.
>capabilities=on)?
>This would make capabilities disabled by default, but gives a way to enable
>them that does not require a kernel patch and rebuild...
i don't think they want them even compiled into the kernel. think
about it: the security model they present is very complex, and very
distributed through the entire kernel. i don't think anyone could say
with complete confidence that even if you do not use the cmdline arg
that the presence of capabilities support does not pose a security issue.
by contrast, kjetil's patch has very deterministic and very local
effects, and when its off, we know its off.
This archive was generated by hypermail 2b28 : Wed Nov 19 2003 - 00:58:12 EET