From mboxrd@z Thu Jan 1 00:00:00 1970 From: One Thousand Gnomes Subject: Re: General flags to turn things off (getrandom, pid lookup, etc) Date: Wed, 30 Jul 2014 15:37:58 +0100 Message-ID: <20140730153758.6431fafa@alan.etchedpixels.co.uk> References: <20140725223550.3153f436@alan.etchedpixels.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: Sender: linux-crypto-owner@vger.kernel.org To: Andy Lutomirski Cc: "Eric W. Biederman" , Julien Tinnes , David Drysdale , Al Viro , Paolo Bonzini , LSM List , Greg Kroah-Hartman , Paul Moore , James Morris , Linux API , Meredydd Luff , Christoph Hellwig , "linux-kernel@vger.kernel.org" , Kees Cook , Theodore Ts'o , Henrique de Moraes Holschuh , linux-crypto@vger.kernel.org List-Id: linux-api@vger.kernel.org > > We sort of have one. It's called capable(). Just needs extending to cover > > anything else you care about, and probably all the numeric constants > > replacing with textual names. > > > > Except that it's all backwards: these are things that default to *on*, > and people might want them to turn off. capable() is totally fscked > if you want otherwise unprivileged users to carry capabilities around The userspace API is, but capable() as a userspace API and capable() as an in kernel check are only connected by history. For the in kernel part you can either teach everyone another disjoint API or we can have a single API in kernel for saying "is XYZ allowed".