by stormbrew 1615 days ago
They're a good step but they're really a step in a different direction, even though capabilities are at the heart of how Plan9 does permissions as well. Plan9 capabilities are more like Kerberos tokens, so you get them from privileged services and then can use them to perform privileged actions.

Linux capabilities don't really change any of the issues around namespace security because they don't inherently provide a way to elevate privileges without setuid.