Relationship with kernel
Relationship with kernel
Posted Nov 5, 2025 18:17 UTC (Wed) by bluca (subscriber, #118303)In reply to: Relationship with kernel by SLi
Parent article: A security model for systemd
Fortunately it is not quite the case, generally speaking. Lots of stuff gets added because we ask for them and are the primary users - see most of the PID FD interfaces that were added in the past few years, and lots of cgroups stuff before that too.
However, there are tons of _existing_ interfaces/systems/whatnot that can't really change, as it would be a massive compat break to do so, and an humongous task on top of that, so it is true that we are resigned to e.g. file caps being what they are.
Adding new things is much much easier than changing existing, entrenched subsystems.
However, there are tons of _existing_ interfaces/systems/whatnot that can't really change, as it would be a massive compat break to do so, and an humongous task on top of that, so it is true that we are resigned to e.g. file caps being what they are.
Adding new things is much much easier than changing existing, entrenched subsystems.
So as always it's nuanced, and there's a bit of both at play.