adding CAP_RESERVED_# bits
Luigi Semenzato
semenzato at google.com
Fri Jun 6 17:57:45 UTC 2025
Recently I inquired about the decision process for adding a CAP_DRM
bit to capability.h (to become DRM master). It occurred to me that
the process for adding ANY bit would be fraught with controversies (to
say the least).
So I looked into maintaining a patch in our own kernel sources, but
that was surprisingly messy due to the build-time dependencies of
capability.h and the way we maintain and share sources internally for
multiple kernel versions. This would have been quite simple if there
were a few reserved bits, such as CAP_RESERVED_0, ..,
CAP_RESERVED_<N-1> with, say, N=3.
Would this also be controversial?
Thanks!
More information about the Linux-security-module-archive
mailing list