Re: socket-based activation has unmaintainable security?
Quoting Andrey Rahmatullin (firstname.lastname@example.org):
> On Wed, Feb 06, 2013 at 12:30:28PM -0600, Serge Hallyn wrote:
> > > > Do we finally have mechanisms to start processes without root but with
> > > > elevated capabilities?
> > > We also need fallback for non Capability-capable supported kernels
> > > (wow that's an awkward sentence)
> > Not to mention non-xattr-backed filesystems.
> xattrs is only one of possible mechanisms but as we don't have it either,
> its shortcomings are probably not worth mentioning.
For posix capabilities attached to files xattrs are currently the
only means. That's what I assumed this was referring to.