|Main Archive Page > Month Archives > selinux archives|
> Second RFC on this patch, collects up discussion and changes so far. If
> no objections, then this will be re-posted as just a [PATCH] on selinux
> and lkml.
> Extend SELinux to allow capabilities to be granted authoritatively
> based solely on SELinux policy, enabling users of SELinux to
> selectively reduce or fully eliminate the need for a "root" user and
> setuid executables. This provides an alternative approach to file
> capabilities without conflicting with it.
Why don't you just work with the people who are getting the file capabilities working and integrate that into SELinux? Why do you have to take this tangent and confuse everything?
There. An objection. I do not believe you've demonstrated that using the proposed file capabilities can't get you what you want, and that we don't need two implementations of the same thing.
email@example.com -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to firstname.lastname@example.org with the words "unsubscribe selinux" without quotes as the message.