solidot新版网站常见问题,请点击这里查看。
消息
本文已被查看336次
[$] Namespaced file capabilities
来源于:LWN
The kernel's file capabilities mechanism is a bit of an awkward fit with
user namespaces, in that all namespaces have the same view of the
capabilities associated with a given executable file. There is a patch set under consideration that adds
awareness of user namespaces to file capabilities, but it has brought forth
some disagreement on how such a mechanism should work. The question is, in
brief: how should a set of file capabilities be picked for any given user
namespace? 查看全文>>