> As a sys-admin I love the idea of the capabilities, but I hate this mount
> --bind thing. I'd really rather see it have its own command name. If it were
> strictly something that happens at mount time for a filesystem that'd be one
> thing, but
>
> >mount --bind --capability=xx,yy /usr/bin/foo /usr/bin/foo
>
> looks like a mistake.
>
> If you were loop mounting the binary into the user's directory, then I could
> see using mount.
>
> This would be clearer:
>
> setcap -c xx,yy /usr/bin/foo
>
> (I also have nothing against long option names.)
As a sysadmin, this should be about 20 seconds with your favourite editor
to create a "setcap" shell script.
MfG Kai
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/