Subject: Re: Integrating securelevel and kauth(9)
To: Elad Efrat <elad@NetBSD.org>
From: Darren Reed <darrenr@NetBSD.org>
Date: 03/23/2006 19:43:03
On Thu, Mar 23, 2006 at 06:47:36PM +0200, Elad Efrat wrote:
> 1. There will be a new scope, the "system" scope, that'll contain
> operations that are currently guarded by securelevel.
> For example, "overwrite immutable flag", "open raw memory",
> "write to raw memory", "change firewall rules"...
How do I grant a user specific capabilities identified here ?
For example, with root, all a user needs to do is "su" and he's right.
Is there a "grant capabilities" flag ?
I think we need to see how this interacts with user space to understand
whether or not we have the right interface.