[PATCH 04/14] Implement CAP_TRUST capability.
Dr. Greg
greg at enjellic.com
Sat Feb 11 00:32:51 UTC 2023
On Mon, Feb 06, 2023 at 05:28:06PM +0000, Serge Hallyn (shallyn) wrote:
> On Fri, Feb 03, 2023 at 11:09:44PM -0600, Dr. Greg wrote:
> > TSEM was designed to support a Trust Orchestration System (TOS)
> > security architecture. A TOS based system uses the concept of a
> > minimum Trusted Computing Base of utilities, referred to as trust
> > orchestrators, that maintain workloads in a trusted execution
> > state. The trust orchestrators are thus, from a security
> > perspective, the most privileged assets on the platform.
> >
> > Introduce the CAP_TRUST capability that is defined as a
> > capability that allows a process to alter the trust status of the
> This sounds like CAP_MAC_ADMIN. Any reason not to re-use that?
Hi Serge, thanks for passing along the question.
Casey raised the same issue; I will respond in more detail in a reply to
his e-mail.
Have a good weekend.
As always,
Dr. Greg
The Quixote Project - Flailing at the Travails of Cybersecurity
More information about the Linux-security-module-archive mailing list