Subject: Re: Integrating securelevel and kauth(9)
To: Elad Efrat <>
From: Darren Reed <>
List: tech-kern
Date: 03/23/2006 19:43:03
On Thu, Mar 23, 2006 at 06:47:36PM +0200, Elad Efrat wrote:
> 1. There will be a new scope, the "system" scope, that'll contain
>    operations that are currently guarded by securelevel.
>    For example, "overwrite immutable flag", "open raw memory",
>    "write to raw memory", "change firewall rules"...

How do I grant a user specific capabilities identified here ?

For example, with root, all a user needs to do is "su" and he's right.

Is there a "grant capabilities" flag ?

I think we need to see how this interacts with user space to understand
whether or not we have the right interface.