Andrew Morgan [EMAIL PROTECTED] wrote:
OOC If we were to simply drop support for one process changing the
capabilities of another, would we need this patch?
Well, the patch could be less, but there's still the possibility of a kernel
service wanting to override the capabilities mask.
David
-
On Wed, 2007-09-19 at 21:11 -0700, Andrew Morgan wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Howells wrote:
Move the effective capabilities mask from the task struct into the
credentials
record.
Note that the effective capabilities mask in the cred struct shadows