LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

File-based capabilities

File-based capabilities

Posted Nov 30, 2006 10:10 UTC (Thu) by NAR (subscriber, #1313)
Parent article: File-based capabilities

A full capability-based system would approach SELinux in complexity, and may thus beyond the ability of most people to manage.

I guess it may, but shouldn't this kind of things be managed by the distributors? Shouldn't rpm/dpkg set these bits up properly?

Bye,NAR

(Log in to post comments)

File-based capabilities

Posted Nov 30, 2006 13:14 UTC (Thu) by jospoortvliet (subscriber, #33164) [Link]

indeed. i guess it wouldn't be very hard to apply certain basic
restrictions, making the system more secure, without hampering it's use.

i do find it hard to grasp the (details of the) difference between SElinux
(and friends) and these capabilities, tough. as i read about it, i wonder
why SElinux couldn't use these capabilities?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds