From: Sam Vilain (sam_at_vilain.net)
Date: Mon 08 Sep 2003 - 12:18:27 BST

• Previous message: Ola Lundqvist: "Re: [vserver] debian-vserver"
• In reply to: Herbert Poetzl: "[vserver] VServer Capabilities ..."
• Next in thread: Rik van Riel: "Re: [vserver] VServer Capabilities ..."
• Next in thread: Georges Toth: "Re: [vserver] VServer Capabilities ..."
• Reply: Rik van Riel: "Re: [vserver] VServer Capabilities ..."

On Mon, 08 Sep 2003 02:31, Herbert Poetzl wrote;

> The main reason for removing it was that this
> capability had #30, and there are currently 32
> bits available for capabilities, so I didn't
> want to use them up lightly ...

I'm sure an extra 4 bytes per process table entry won't hurt :-) In
fact on 64 bit architectures it probably won't even take that.

Sounds good, if a lot of work, but it needs to be done. I wonder
whether the `magicness' of security context 1 shouldn't be controlled
by a capability instead? It would mean that the root context has full
access to see all processes, but that was the case anyway - it could
just use chcontext.

-- 
Sam Vilain, sam_at_vilain.net
  If we make peaceful revolution impossible, we make violent
revolution inevitiable.
JOHN F KENNEDY

• Previous message: Ola Lundqvist: "Re: [vserver] debian-vserver"
• In reply to: Herbert Poetzl: "[vserver] VServer Capabilities ..."
• Next in thread: Rik van Riel: "Re: [vserver] VServer Capabilities ..."
• Next in thread: Georges Toth: "Re: [vserver] VServer Capabilities ..."
• Reply: Rik van Riel: "Re: [vserver] VServer Capabilities ..."