As a sys-admin I love the idea of the capabilities, but I hate this mount
--bind thing. I'd really rather see it have its own command name. If it were
strictly something that happens at mount time for a filesystem that'd be one
thing, but
>mount --bind --capability=xx,yy /usr/bin/foo /usr/bin/foo
looks like a mistake.
If you were loop mounting the binary into the user's directory, then I could
see using mount.
This would be clearer:
setcap -c xx,yy /usr/bin/foo
(I also have nothing against long option names.)
-- The end is a finish, a conclusion or a completion. http://www.hacksaw.org -- http://www.privatecircus.com -- KB1FVD
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/