From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Mon 08 Sep 2003 - 02:31:34 BST
recently somebody asked me "what happended to
the CAP_QUOTACTL?", and I had to read the code
(my code ;) to remember, that I removed it some
time ago ...
The main reason for removing it was that this
capability had #30, and there are currently 32
bits available for capabilities, so I didn't
want to use them up lightly ...
to cut this short, it seems to me that currently
possible granularity isn't sufficient for many
vserver applications (just take a look at the
~40 allows/denies the CAP_SYS_ADMIN implicates),
so I would propose to extend and/or separate the
vserver specific capabilities from the 'normal'
capabilities, creating some kind of Per Context
Capabilities, which then would allow to have
fine grained control where it is required.
examples would be:
- Allow examination and configuration of disk quotas
- Allow setting the domainname
- Allow setting the hostname
- Allow setting promiscuous mode
- Allow clearing driver statistics
- Allow binding to any address for transparent proxying
- Allow mlock and mlockall
and of course future capabilities not needed on
normal systems, like ...
- Allow access to other Context Files
- Allow full /proc filesystem
- Allow generic/secure device access
and many more ...
what do you think about it?