Alan Cox wrote: > So you add a "required cap bits" to your diag driver interface and use > "0" for useful unpriviledged diag calls. It doesn't make the problem any > harder to solve, and anything that is hard or is policy related gets > CAP_SYS_RAWIO and is punted to user space policy management Hm... capability mask per diag subcode would be proper access control indeed. Looks like I am running out of arguments ;-). --
Carsten Otte IBM Linux technology center ARCH=s390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
