A bid to resurrect Linux capabilities

Posted Sep 14, 2006 17:35 UTC (Thu) by kfiles (subscriber, #11628)
Parent article: A bid to resurrect Linux capabilities

I'm not sure I agree with the premise that no Linux distribution has shipped with active capabilities support, or that current capabilities support is inherently unusable due to the lack of inheritance.

For many years, I've used the highly-secure EngardeLinux distribution from Guardian Digital, which shipped with LIDS (http://www.lids.org) installed and enabled by default. Now, LIDS development is mostly bug-fixing at this point -- it's not pushing cutting edge features. However, for a manageable Mandatory Access Control system utilizing capabilities, it's quite nice. Like SELinux, it uses centralized ACL configuration rather than file attributes, which makes it a better fit for distributions than for package owners (see, e.g., AppArmor, as a solution that enables each package to ship its own ACLs).

Thanks,
--kirby


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds