As I understood it, address based filtering could/would have been done with the multiple files approach too. However the capabilities based approach sounds really good. AFAICS it achieves basically the same in a simpler way. Simpler = more secure.
I think the multi-file approach would allow to enable certain access only if well-known unit directories are present. But this could also be done via the capabilities based approach. It would add complexity either way; maybe actually less so if done in-kernel. However, such features could be considered later. If I look at our current track record of IEEE 1394 kernel driver maintenance, simplicity is what we need in a solution, first and foremost. (Note, I am not familiar with a lot of IEEE 1394 applications nor with Linux Capabilities.) -- use /dev/video1394, not /dev/raw1394 https://launchpad.net/bugs/6290 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
