
Re: capabilities



Previously Marco d'Itri wrote:
> What would you all think about a patch to start-stop-daemon to remove
> capabilities from spawned daemons?
> With this patch many daemons would not need uid=0 anymore.

You either run with uid=0 and remove capabilities, or run with another
uid and add capabilities. Make up your mind :).

The right solution is probably either something like a capd, or a
capabilities-enhanced filesystem (I think there are patches for ext2fs,
and ext3fs already has it?).

Wichert.

-- 
==============================================================================
This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: wichert@cs.leidenuniv.nl
WWW: http://www.wi.leidenuniv.nl/~wichert/
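
Added example, not part of the original post and not start-stop-daemon code: a small C model of the execve() capability rules documented in capabilities(7), showing what each of the two options named in the message leaves the daemon with. It goes beyond the post by modelling the bounding set; `daemon_effective`, the constructed `CAP_ALL` mask and the simplifications (empty ambient set, default securebits, real uid equal to effective uid) are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit numbers from <linux/capability.h>. */
#define CAP_NET_BIND_SERVICE 10
#define CAP_SYS_ADMIN        21
#define CAP_BIT(n) (UINT64_C(1) << (n))
#define CAP_ALL    (CAP_BIT(41) - 1)  /* constructed "all capabilities" mask */

struct proc_caps { uint64_t inheritable, permitted, effective, bounding; };
struct file_caps { uint64_t inheritable, permitted; int effective; };

/* execve() rules from capabilities(7). Assumptions of this sketch: ambient
 * set empty, default securebits, real uid == effective uid. */
struct proc_caps caps_after_exec(struct proc_caps p, struct file_caps f, int uid)
{
    struct proc_caps n;
    if (uid == 0) {  /* for root the kernel treats the file sets as full */
        f.inheritable = f.permitted = CAP_ALL;
        f.effective = 1;
    }
    n.inheritable = p.inheritable;
    n.bounding    = p.bounding;
    n.permitted   = (p.inheritable & f.inheritable) | (f.permitted & p.bounding);
    n.effective   = f.effective ? n.permitted : 0;
    return n;
}

/* Hypothetical helper: effective set of a daemon exec'd by a launcher that
 * holds `keep` in its own sets, with bounding set `bset`, running as `uid`,
 * where the daemon binary carries file-permitted capabilities `fperm`. */
uint64_t daemon_effective(uint64_t keep, uint64_t bset, uint64_t fperm, int uid)
{
    struct proc_caps launcher = { 0, keep, keep, bset };
    struct file_caps binary   = { 0, fperm, fperm != 0 };
    return caps_after_exec(launcher, binary, uid).effective;
}

int main(void)
{
    uint64_t bind = CAP_BIT(CAP_NET_BIND_SERVICE);
    /* uid 0, own sets trimmed, bounding set untouched: everything comes back */
    printf("root, permitted trimmed: %#llx\n", (unsigned long long)daemon_effective(bind, CAP_ALL, 0, 0));
    /* uid 0, bounding set trimmed as well: the restriction survives exec */
    printf("root, bounding trimmed:  %#llx\n", (unsigned long long)daemon_effective(bind, bind, 0, 0));
    /* other uid, capability granted by the file: only that bit is gained */
    printf("uid 1000, file caps:     %#llx\n", (unsigned long long)daemon_effective(0, CAP_ALL, bind, 1000));
    return 0;
}
```

In this model a uid 0 launcher that only trims its own permitted set hands the daemon the full set again at exec, while a non-root uid gains exactly what the file grants.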
