Re: Preparing Debian for using capabilities: file ownership.



> >  Yes, you are right, I was probably too optimistic with that. But, perhaps,
> > the "general change" will be the modification of EXT2 to support "resource
> > forks", but the needed changes in the VFS are probably small, and perhaps,
> > one of those new filesystems will include capabilities before ext2 does...
> 
> I wonder if you've read linux-kernel recently, resource forks definitely
> will never be part of (mainstream) Linux. Nasty evil things!

 I think that Linus has recently said he wouldn't be opposed to such a thing.
He said that you will be able to use readdir *on a file* to get the
available "forks".

> The changes to the VFS will probably be minimal, but they do require
> people agree on a flexible way to handle all kinds of attributes without
> tying things down to a single (or even the set of currently existing)
> filesystem(s).

 Yep... but I bet that Linux 2.5 will eventually have FS capabilities.

> > But anyway, capabilities are useable without fs support.
> Definitely. Some daemons like proftpd already use them.
> Also, keep in mind that the set of capabilities differs between 2.2 and
> 2.4 kernels if memory serves me correctly, and people are still looking
> at making sure the current set is an optimal one. (Fun assignment: see
> which capabilities can lead to root access. It turns out to be a
> surprisingly large set).

 Yes, it will be a while before we have a fully capabilities based system.
But we should know how the future will be, and try to head that way.
Changing the files' permission will be needed, and it would be a long
transition, so it's better to start it earlier. Besides, even if we don't
use capabilities yet, we help those people who want to experiment with them,
and that can't be bad.
