LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Multipath TCP: an overview

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The trouble with CAP_SYS_RAWIO

The trouble with CAP_SYS_RAWIO

Posted Mar 14, 2013 4:50 UTC (Thu) by heijo (guest, #88363)
In reply to: The trouble with CAP_SYS_RAWIO by mjg59
Parent article: The trouble with CAP_SYS_RAWIO

The problem is that both CAP_SYS_RAWIO, CAP_SYS_ADMIN and possibly others used to be equivalent and imply the ability to arbitrarily alter the system.

Redefining those to no longer being able to do so is idiotic and breaks compatibility.

(Log in to post comments)

The trouble with CAP_SYS_RAWIO

Posted Mar 14, 2013 5:04 UTC (Thu) by mjg59 (subscriber, #23239) [Link]

CAP_SYS_RAWIO is not equivalent to CAP_SYS_ADMIN. That's why they're not defined to the same value. It does not imply the ability to arbitrarily alter the system. That's *the entire point* of capabilities.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds