> Dax Kelson <dax@gurulabs.com> wrote:
>
>> Each app should run in its own security context by itself. That is why
>> I have all the following users in my /etc/passwd:
>>
>> apache nscd squid xfs ident rpc pcap nfsnobody radvd gdm named ntp
>
> Well, wouldn't it be then logical to associate uids to capabilities, e.g. I
> could have ping binary setuid to user ping which would have just the
> necessary capabilities to operate?
Welcome to accessfs :-)
<http://groups.google.com/groups?selm=87k7km9fti.fsf%40goat.bogus.local>
<http://groups.google.com/groups?selm=87elau9ft2.fsf%40goat.bogus.local>
<http://groups.google.com/groups?selm=878z129fnz.fsf%40goat.bogus.local>
It's not exactly what you asked for, but I think it's the closest you
can get at the moment.
Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/