[PATCH 0/3] Introduce user namespace capabilities
Jarkko Sakkinen
jarkko at kernel.org
Sat May 18 11:08:09 UTC 2024
On Fri May 17, 2024 at 10:11 PM EEST, Jonathan Calmels wrote:
> On Fri, May 17, 2024 at 10:53:24AM GMT, Casey Schaufler wrote:
> > Of course they do. I have been following the use of capabilities
> > in Linux since before they were implemented. The uptake has been
> > disappointing in all use cases.
>
> Why "Of course"?
> What if they should not get *all* privileges?
They do the job given a real-world workload and stress test.
Here the problem is based on a theory and an experiment.
Even a formal model does not necessarily map all "unknown unknowns".
BR, Jarkko
More information about the Linux-security-module-archive
mailing list