Re: socket-based activation has unmaintainable security?
Quoting Jonathan Dowland (firstname.lastname@example.org):
> On 6 Feb 2013, at 17:37, Andrey Rahmatullin <email@example.com> wrote:
> > Do we finally have mechanisms to start processes without root but with
> > elevated capabilities?
> We also need fallback for non Capability-capable supported kernels
> (wow that's an awkward sentence)
Not to mention non-xattr-backed filesystems.
Every time I've been in a discussion like this, that ends up being
the reason not to pursue it.