Subject: Re: Integrating securelevel and kauth(9)
To: Elad Efrat <elad@NetBSD.org>
From: Darren Reed <darrenr@NetBSD.org>
List: tech-kern
Date: 03/23/2006 19:43:03

On Thu, Mar 23, 2006 at 06:47:36PM +0200, Elad Efrat wrote:
...
> 1. There will be a new scope, the "system" scope, that'll contain
>    operations that are currently guarded by securelevel.
> 
>    For example, "overwrite immutable flag", "open raw memory",
>    "write to raw memory", "change firewall rules"...

How do I grant a user specific capabilities identified here?

For example, with root, all a user needs to do is "su" and he's right.

Is there a "grant capabilities" flag?

I think we need to see how this interacts with user space to understand
whether or not we have the right interface.

Darren