Hi Folks! Recently somebody asked me "what happened to the CAP_QUOTACTL?", and I had to read the code (my code ;) to remember that I removed it some time ago ...

The main reason for removing it was that this capability had #30, and there are currently 32 bits available for capabilities, so I didn't want to use them up lightly ...

To cut this short, it seems to me that the currently possible granularity isn't sufficient for many vserver applications (just take a look at the ~40 allows/denies that CAP_SYS_ADMIN implies), so I would propose to extend and/or separate the vserver-specific capabilities from the 'normal' capabilities, creating some kind of Per Context Capabilities, which would then allow fine-grained control where it is required.

Examples would be:

- Allow examination and configuration of disk quotas
- Allow setting the domainname
- Allow setting the hostname
- Allow setting promiscuous mode
- Allow clearing driver statistics
- Allow binding to any address for transparent proxying
- Allow mlock and mlockall

and of course future capabilities not needed on normal systems, like ...

- Allow access to other Context Files
- Allow full /proc filesystem
- Allow generic/secure device access

and many more ...

What do you think about it?

best,
Herbert
